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Monkey 
on your 
back #17: 

How to buy the 
world’s fastest 
3D workstation 
when you 
you can’t 
afford it. 


think 





If you think fast graphics automatically 
means big bucks, you haven’t seen the new 
DIGITAL Personal Workstation family. 
Not only does this Alpha workstation run 


Windows NT® and DIGITAL UNIX 3D 


si 


graphics applications faster than 
any other workstation, but its price 
is unbeatable. Our family of Intel® 
and Alpha platforms gives you 



mm 

Whatever it takes. 


support for thousands of Win32 
applications. Add to this DIGITAL’S 
wealth of service and support which 
provides seamless inter-operability 
between your UNIX® and Windows 
NT operating systems, and you can’t 
ask for more. For less. For your 
nearest re- seller, call 13 23 93, 
or visit www.pc.digital.com.au. 
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VIRUSES DON’T STOP 
AT THE DESKTOP. 
NEITHER SHOULD YOUR 
ANTIVIRUS SOFTWARE. 
PLAGUE STRENGTH 
VACCINE. 
INOCULAN FOR NT 
OR NETWARE. 


There's only one antivirus solution that goes everywhere you 
need it — InocuLAN from Cheyenne. 

It's the industry's first antivirus solution for the entire 
enterprise. With InocuLAN, you can 
protect all your desktops, servers, 
messaging systems and the Internet. 

InocuLAN offers local and remote 
virus scanning and cure for Windows 
NT and NetWare servers. Automatic 
installation and signature update for 
servers and clients. 

InocuLAN is the first to provide real¬ 
time scanning and cure of email 
attachments and document databases for Microsoft Exchange 
Server, Lotus Notes and Novell GroupWise. And the first with 
antivirus plug-ins for Microsoft Internet Explorer and Netscape 




Microsoft 

BackOffice' 


I ANALYST’S 
'Choice 




Navigator. Plus 
firewall integration 
to scan all incoming 
Internet traffic. 

All InocuLAN's 
components are 
tightly integrated 
and easily managed 
from a single 
console. 

So don't put 
your company at risk 
by relying on a 
desktop antivirus 
product. Call the leader ir 


Call 1-800-635-519 

Or Visit www.cheyenne.com/whitepaperl 
For A Free White Paper On Deploying 
Enterprise Virus Protection. 
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MORE PEOPLE 
BUILD THEIR 
BUSINESSES 
WITH COMPAQ 
ENTERPRISE 
SOLUTIONS. 


It’s not hard to see why more and more 
organisations are relying on Compaq industry- 
standard enterprise solutions to provide the 
backbone to their mission-critical applications. From 
decision-support, corporate accounting, intranets 
and Web sites to transaction processing and data warehousing, 
companies are finding that Compaq not only provides incredible 
value for money, but a total solution that is second to none. 

Working with best-of-breed vendors like Intel, Microsoft, Novell, 
SAP, Baan, PeopleSoft and Oracle to develop industry standards, 
Compaq systems are optimised to squeeze the best possible performance 
from both software and hardware. In fact, clustered Compaq ProLiant 
5000 servers with Pentium" Pro processors have recently been clocked 
at over one billion transactions a day. 

Compaq solutions also lower the cost of ownership through ease of 


installation and maintenance, with features like SmartStart, which allows 
intelligent and optimal installation of operation system, database software 
and internet server software, resulting in a virtually bulletproof server 
platform. To keep systems running smoothly, Compaq Insight Manager 
can actually forecast imminent component failures before they occur. 

And Compaq servers are designed to grow as your needs grow, 
allowing companies to expand on their original investment, rather than 
having to replace it. 

No wonder Compaq have sold more servers than IBM, Hewlett- 
Packard and Digital* combined. Compaq could be just the solution 
you’re looking for. Contact your Authorised Compaq Reseller or call 
Compaq on 1300 368 369 or visit our web site at www.compaq.com.au 

COMPAQ. 







New Matrix-UPS: Award-winning, modular 
UPS protection for datacenters 
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Egotistical Sun chief executive Scott McNally hates Bill 
Gates and Microsoft with a vengeance, and in the next 
twelve months it will be guns drawn at 40 paces as the 
two shoot it out for supremacy in the enterprise comput¬ 
ing marketplace. Under threat is Sun and anyone else 
competing in the Unix market, although the biggest loser 
in the long term could very well be Sun itself. The com¬ 
pany is not only arrogantly selling overpriced hardware, 
but has as its chief executive a man who totally despises 
Microsoft. To the extent that he could never bring him¬ 
self to sit at the same table as Bill Gates or enter into a 
partnership agreement with Microsoft. Hewlett Packard, 
on the other hand, is a major Unix vendor that has recog¬ 
nised that Windows NT will be a major OS in the enter¬ 
prise space. As such, it now allows its Unix customers a 
Windows NT solution should they choose to exit the 
Unix market. 

Sun, one of Microsoft’s and Intel’s primary foes, is now 
trying to stave off Windows’ encroachment on its market 
share by introducing a new line of systems that use Sun’s 
Solaris OS. The new servers, based on Sun’s internally 
developed 250MHz and 300 MHz Ultra Sparc processors 
and PCI bus interfacers, are intended to keep the fast 
growing Microsoft server operating system out of Sun 
accounts. What Sun worries about is that once Windows 
NT is included in a server network, it may take an even 
larger role, resulting in the Unix system being dropped - 
period. The linchpin of Sun’s strategy is a revised road 
map for Solaris, which now includes a prepackaged ver¬ 
sion for intranets. It has also been priced competitively 
versus Windows NT. However, the one thing that’s miss¬ 
ing is a host of applications that will run under the Unix 
Solaris OS, as is available with Windows NT. 

What has become clear as Microsoft steps up its enter¬ 
prise marketing efforts for the NT server operating sys¬ 
tem is that Windows NT will be able to deliver industri¬ 
al strength features that will well and truly take on the 
Unix solution. The scalability Microsoft is boasting about 
combines an increased amount of support for multiple 
processors combined with add-on features to facilitate 
complex database and transaction intensive users, as well 
as clustering technology. 

Despite Unix variants that offer a far greater degree of 
processor support and a wide range of clustering options, 


Windows NT advocates continue to claim that criticism 
of the operating system is unwarranted based on the level 
of performance that it offers for its price. Right now the 
issue of NT’s role in the enterprise is on the minds of 
administrators and third party system companies because 
the operating system has propelled itself into network 
segments, often replacing IBM OS/2 Warp based 
machines or Novell NetWare systems. Observers and 
Microsoft realise the real money will be made in the mid¬ 
range, a market segment currently dominated by Unix 
based servers running mission critical applications and 
large web sites. So in order to make a real play, NT must 
become stronger, and is currently doing so. 

For systems companies that previously relied on Unix 
systems, the role of NT in their accounts seems to be 
growing even larger. Microsoft claims that in three years 
or so, the venerable Unix operating system and relative 
youngsters such as Novell’s NetWare and OS/2 will be 
just memories. But the Unix community is hitting back 
with a marketing campaign to brand the Unix based sys¬ 
tems next year with a Unix 98 sticker. As John Sterlicchi 
said in The Australian newspaper, “Their hearts are in the 
right place, no doubt, but they have a long way to go 
before the phrase Unix 98 will be seen on a resellers pro¬ 
posal. No matter how united the Unix community claims 
it is, members are easily out marketed by the folks in 
Redmond.” According to the open group which is 
administering the specification, Unix 98 products are 
expected to ship in the first quarter of 1998. And what 
Unix vendors claim is that they will now will have more 
opportunities to explain to customers that yes, Unix is 
becoming more promotable and no, they would not be 
locked into any hardware. But let’s face it, this is a knee- 
jerk reaction by a bunch of people who know that they’re 
on a losing slide. 

If Unix was so good why didn’t they do this years ago, 
and why isn’t there a host of applications around to run 
under Unix? And in reality, does the mass market that is 
fast turning to Windows NT want to pay for overpriced 
Sun hardware running an oddball operating system that 
has limited software and applications? The answer is no. 
So as Sun and Microsoft battle it out, my view is that Sun 
will be pushed into niche markets and that Windows NT 
will capture the lion’s share of the mass market. 
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One Solution For All Your Fax Requirements 



50 % oin 


Upgrade from any competitiive DOS, 
Windows, OS/2 or NT FAX Server to 
MESSA&Emanager NT FAX Server 
and you will get 50% off the RRP. 

From only $1,488 you can have One 
FAX Server for all your Windows, 
SAP, Macintosh, Mail, mini and 
mainframe fax applications! 

Hurry, this offer expires Sep¬ 
tember 30 1997. 

Visit our web site at 
www.syssol.com.au 


SYSTEM SOLUTIONS I 


Windows NT is a registered trademark of Microsoft, inc. 


System Solutions delivers high performance Enterprise 
Fax Solutions for Microsoft Exchange, Lotus Notes, 
Internet Mail, Novell GroupWise, cc:Mail, Windows, Mac¬ 
intosh, mini and mainframe applications. 

Powered by Windows NT, MESSAGEmanager converts 
Windows formats, Notes and Exchange Rich Text, 
PostScript, PCL, PCX, DCX, TIFF and ASCII files to crisp, 
clear quality G3 facsimiles that emulate the printout from 
a Postcript or LaserJet printer. 

Incoming faxes are routed direct 
to your workstation. 

For more information contact: 

Systems Solutions 
Level 7, 153 Walker St 
North Sydney, 2060 
Ph: (02)9955 6522 
Fax: (02) 9955 4616 
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Why Luke lost the fight 


If you had walked into any graphic design studio a 
month ago and asked the inhabitants what they 
thought of Microsoft, they’d have probably started 
laughing and hurling abuse at it. ‘The evil empire,’ 
they’d yell. ‘Bloody Windoze.’ 

Yet now it’s a different story. 

Like the Messiah come to save the flock, Steve Jobs 
himself appeared at Apple’s helm - even though he 
refuses to be CEO - and announced that Apple has a 
bright future which happens to be financed by 
Microsoft.Yes, that’s right, Apple and Microsoft are now 
officially friends. While it’s generally been known in the 
industry that the hatred and competition between the 
two existed more on the consumer level than the man¬ 
agement one, now that Microsoft has invested $US150 
million dollars in non-voting Apple stock it’s become 
blatantly clear to the punters - and to the stock market 
dealers. Since the announcement, Apple’s share price 
has rocketed by more than 35%. Whether or not it will 
stay there is another point entirely. 

Yet the deal of the century doesn’t end there. In 
addition to the hot cash injection, Microsoft also 
promised to develop and ship future versions of its 
Office suite for the Macintosh platform, as well as 
bundle Internet Explorer with the Mac OS, making it 
the default browser in future releases. Also in the 
pipeline is for the two companies to collaborate on the 
Java Virtual Machine for both platforms, so that they’ll 
remain compatible with each other. Excuse me, but 
I thought compatibility was the whole point of 
Java anyway. 

‘What’s in it for Microsoft?’ I hear you cry.‘What has 
this got to do with Windows NT?’ 

Well, for one thing it makes sound financial sense. 
After all, it’s in the Macintosh market that Microsoft 
generates $US400 million a year from software sales, 
which more than makes up for its investment. 

Secondly, it’s generally believed that it will settle the 
ongoing lawsuits from Apple against Microsoft for 
patent infringements, which dates back to when Apple 
alleged that Windows copied Apple’s interface design. 
This will save Microsoft time and money. 

Thirdly, it’s been postured by industry punters that 


Microsoft needs Apple to protect it against the US 
Government’s anti-monopoly stance, which doesn’t 
take too kindly to having entire industries controlled by 
one empire. If Apple remains alive then at least there 
will be a perception that it’s a well-rounded market. 

Last but not least, it gives Microsoft another ally and, 
more importantly, makes Microsoft software - most 
notably Internet Explorer - more ubiquitous. Despite 
the fact that there are still more copies of Navigator 
floating in the ether than Explorer, you could easily say 
that Netscape has now all but lost the browser war. 

Yet while it’s easy to see why Microsoft opted to be 
Apple’s saviour in the short term, you have to wonder 
about the long-term effects. The reason is simple - 
Rhapsody, the next version of the Mac OS, is going to 
be a competitor to Windows NT in the very area 
where Microsoft is pushing NT next — namely in the 
publishing market. 

As previously mentioned in this magazine, Windows 
NT is rapidly expanding from being a network envi¬ 
ronment for businesses into a powerful graphics-capable 
platform. The next version of Windows NT - namely 
5.0 — promises to support several monitors at the same 
time, allowing it to be used for animation work, while 
companies are starting to get their act together in terms 
of providing adequate printer and graphics drivers. 
Furthermore, Quark and Adobe, who are two of the 
strongest players in the publishing market, are moving 
their products to NT, indicating that that’s where the 
market is headed. 

However, there could be a strategic rationale behind 
Microsoft’s fit of generosity, for if the Macintosh starts 
to perform more like a Windows PC then it may act as 
a Trojan horse that will lead existing Mac users into the 
Windows fold. Furthermore, Rhapsody - which as it 
stands will already allow developers to create applica¬ 
tions for the NT environment — will no doubt evolve 
in such a way as to work better with Windows NT, 
meaning that soon NT could be used as the server base 
for Macintoshes. Is making the Macintosh more like an 
NT box Microsoft’s plan? Will Windows NT be port¬ 
ed back onto the Power PC platform? Stay tuned for 
more conspiracy theories. 
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Now YOU don’t have to 

SACRIFICE YOUR FIRST BORN 
FOR A BIGGER MONITOR. 


Cornerstone’s new Colour 45/101 sf monitor gives 
your virtually the viewable screen area of a 20”, with 
nearly the footprint of a 17” monitor. So you won’t 
have to stow the picture of your favourite tax deduction 
someplace else. 

Just wait till you see it. The 45/101 sf uses 
Cornerstone’s new SuperFocus technology for sharpness 
right to the edges and far clearer resolution across the 
screen, all in a more compact design. 

Of course, when you match the 45/101 sf with 
Cornerstone’s ImageAcce/® controller, you also get one 
of the highest refresh rates around and ScaleToGray'" 
image enhancement — the technology that makes 
scanned images far easier to read. 

The 45/101s/is backed by a three-year warranty 
and the best service and support in the business. 

Just think of it as a big idea, on a small scale. 



Yet the 45/101sfs new 
compact design saves 2.5” 
in depth and 1.5" in width 
compared to a standard 
20” monitor. 



So you get more screen - 
and less space. 


For more information call Mitsui on 1 800 025 376 
www.mitsui.com.au 



Cornerstone 


Mitsui Computer 
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Windows 98 Beta 1 ships 


The next version of Windows 95 will officially be 
called Windows 98. 

The product, code-named Memphis, is current¬ 
ly in beta testing. The latest beta (officially 
called Beta 1) was recently shipped to thou¬ 
sands of testers. Windows 98 will share a com¬ 
mon code base with Windows NT, and will not 
require the underlying DOS platform to operate. 
Although the new version has many new fea¬ 
tures, most notably increased performance and 
new found multimedia support, Microsoft is 
recommending that enterprise users bypass 
Windows 98 and go directly to Windows NT. 


UDP denial of service 

A new exploit was revealed that effects many 
operating systems, NT included. Sending a 
storm of User Datagram Protocol (UDP) pack¬ 
ets to the broadcast address of a particular 
subnet causes every system listening to 
respond to those UDP packets with packets of 
their own. The more systems 
on the network, the worse the 
problem becomes. This type of 
attack eats bandwidth with 
reckless abandon, and admin¬ 
istrators are advised to load 
the hotfix, or disable the Simple 
TCP/IP Service found under 
Control Panel, Services. 

The hotfix is located on 
Microsoft's FTP site at ftp://ftp. 
microsoft.com /bussys/winnt 
/winnt-public/ fixes/usa/nt40 


Pentium II chip spells death for Pentium Pro 

I nformation about the upcoming 333MHz Pentium II processor, formerly code named 
Deschutes, suggests that it will replace the Pentium Pro chip.Targeted for release early 
next year, the new processor will be designed specifically for servers by being capable 
of supporting up to four processors. This is in contrast to the existing Pentium II, which 
can only support two and thus has been delegated to workstation use only. 

"The Pentium Pro will continue at least into the middle of next year, but in the high end 
workstation and multiprocessor market only," David Bolt, Intel Australia's managing 
director confirmed. 

According to Keith Holtham, architecture manager at Intel, the processor will be 
created using a .25 micron process. "We saw the benefits of going to .25," Holtham said. 
These benefits include a lower power consumption and, due to the smaller circuits, 
ability to run at faster speeds. The only other Intel processor slated to use it is the 
upcomingTillamook mobile processor, which Intel will officially announce on September 
the 9th. 

Another big change that the new processor will herald will be a 100MHz bus, 
dispensing with the existing 66MHz bus that can cause performance bottlenecks. As such, 
a new architecture, called Slot 2, will be used for it.The existing Pentium II architecture, 
called Slot 1, will continue. "You'll have slot 1 which will remain the slot for desktops and 
slot two, which is the slot for servers," Holtham said. 

However, Intel is giving the Pentium Pro a last boost of life by releasing a new version 
of it, which sources say should be released this month. The major new feature is that it 
will double the size of the cache memory, so that it will now be 1MB large. 

Companies such as Hewlett Packard and Compaq have already announced new 
servers that will feature the new Pentium Pro chip. Hewlett Packard said that its new 
servers, which will be in the NetServer series, should be available toward the end of this 

month and cost 
upwards of $23,000. 
Compaq has made 
more specific 

announcements, 
stating that its ProLiant 
6500 and 7000 will have 
the Pentium Pro 
200Mhz chip and will be 
priced upwards from 
$27,000. For more 
details, contact Hewlett 
Packard on 131347, 
while Compaq can be 
reached on 1300 36 
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WINDOWS NT 5 TO GAIN NEW MANAGEMENT FEATURE 


BP MOVES FROM UNIX TO NT 


TANDEM LAUNCHES 2 NODE CLUSTER SERVER 


c 


Alston tries to boost Australian e-commerce 


J 


I n an attempt to boost the use of electronic commerce in Australia, the Federal 
Government has announced a proposal for a body to be created to help set up a 
security authentication infrastructure. 

Called the Policy and Root Registration Authority (PARRA), the body will allow 
different security keys to be registered with it. "Government has responsibility to put in 
place as soon as possible a simple and consistent legal environment which enables the 
online economy to grow and prosper," said Senator Richard Alston, minister for commu¬ 
nications and the arts. 

Alston also stated that the government wouldn't impose encryption controls, such as 
those implemented by the US Government, that restrict the export of Australian security 
controls. 


c 


8 way NT server due by October 


J 


D efying those who say Windows NT isn't reliable enough for mission critical applica¬ 
tions, NCR will be rolling out its 8 processor WorldMark 4300 Server for general 
availability by October. The server is based on the Pentium Pro 200 processor and 
will support the upcoming Merced chip. 

"With NT we target the Enterprise," claimed MarkTaylor, computer systems marketing 
manager for NCR. "We take NT into the mission critical space." According to IDC figures, 
NCR is the number one Enterprise Windows NT server company as far as market share 
is concerned. Other companies such as Compaq typically focus on smaller departmental 
servers. 

While Windows NT systems are typically limited to four processors, at least until NT 
5.0 comes along, NCR manages to have 8 way 
systems through its own Octoscale system. 
This works by replacing the usual Orion 
memory with AMC (Advanced Memory 
Controller) chips and by splitting the P6 bus 
into two, so that there are two motherboards 
with four processors each, all sharing the 
same memory pool. 

With most of NCR's clients coming from the 
banking and retail space, its not surprising that 
these systems are not for your average LAN. 
While pricing hasn't been announced yet, you 
can expect them to be above the $50,000 
mark. 

For more information, contact NCR on 02 9964 
8111, or by web site at http//www.ncr.com 



NT on the go 


Windows NT is now running on pen tablet com¬ 
puters, allowing 32 bit applications greater 
mobility than ever before. Fujitsu will launch 
locally the first pen tablet computer with 
Windows NT later this month. 

The Stylistic 1200 hand-held tablets, designed 
for use whilst walking or standing, are compact 
(283 x 188 x 41mm), light (1.8kg) and feature a 
durable metal barrelled pen. The tablet can be 
held on either the left or right side, and the grip 



unit easier to hold. External mechanical controls 
are eliminated with the inclusion of hot pads that 
allow settings to be adjusted with the pen. 
There are 12 ports located at the end of the sys¬ 
tem that provide for the connection of an array 
of external devices. Included are PCMCIA, IrDA, 
two RS-232 serial ports, monitor and parallel 
ports as well as speaker, keyboard and mouse 
connections. 

The system supports four LCD display technolo¬ 
gies, allowing TFT and DSTN colour display and 
monochrome displays for both indoor and out¬ 
door environments. The Stylistic 1200 runs on a 
120MHz Intel Pentium processor and has 256KB 
Level 2 cache memory and a 2.5" hard disk with 
a 1.4GB capacity, with an optional 2.1 GB to 
meet increased enterprise demands. 

The pen tablet computer is priced at $8,200. For 
further information contact Mobile Computer 
Systems on 02 9967 4280. 
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Using the Web for report generation 



The package is divided into two compo¬ 
nents, namely the designer and the print 
engine. The print engine is a free runtime 
component which developers can use in 
their applications. 

Crystal Reports Professional edition 
comes with SQL and ODBC database 
connectivity and is priced at $570. 

Crystal Reports Standard edition, 
which comes with PC access 
only, costs $295. 

The local distributor, Aeronaut 
Industries, can be contacted on 02 
9436 1175 


Management feature to be included in NT 5.0 


A new feature of Windows NT Server 5.0 has been announced. Called IntelliMirror, it 
will automatically mirror user applications, customise settings and data to a 
network server using caching and synchronisation techniques. With IntelliMirror, 
users can access all their data whether or not they are connected to a network and server, 
with the assurance that their data is safely maintained on the server. 

IntelliMirror is part of Microsoft's Zero Administration Initiative for Windows and, 
according to Microsoft, will lower a system'sTotal Cost of Ownership (TCO). Windows NT 
5.0 will fully support it. IntelliMirror will probably be supported in Windows 98, and this 
support will most likely come from an OEM Service Release. Microsoft hopes that NT 
Server will gain more back-end market share by 2000, displacing Unix and legacy 
systems. 

Microsoft further predicts that by 2000, 81 per cent of all systems on the planet will 
be running Windows platforms. 


Getting pumped up with NT 


B P has made the move from Unix to Windows NT for its non-stop yard automation 
system, with the help of local outfit Expert Software. Using Windows NT as an 
applications, communications and database server, the system is designed to 
identify tankers and drivers via card readers, direct them to the fuel bay, control the fuel 
pumping mechanism and print delivery details. Expert Software claims that Windows 
NT is more reliable than Unix, with the new 
system going down less often. 

"We found it was cumbersome," said Gary 
Ebeyan, Expert Software's managing director, 
of the original Unix system. 

Greg Beilby, development team leader at BP, 
agrees. “What we found was that the last Unix 
system we had was on an old platform, which 
wasn't that stable for us," he said. "If it went 
down we had trouble getting it back up." 

Other reasons cited for the move was 
UNIX's inability to use new technology, the 
cost of adding new systems and its TCO (Total 
Cost of Ownership). 

"We are still running some sites under Unix 
on a Motorola box," Beilby said, "but that 
Motorola box cost us $160,000 versus the PC 
which is $12000. There's a big dollar saving in 
there for us." 

Originally designed when Wolfpack (now 
called Cluster Server) was still in its testing 
stage, BP's system is also noteworthy for the 
homemade clustering solution created as a 
failover solution. However, Expert Software 
plans to upgrade to Cluster Server in the 
future. 


Seagate Software has released Crystal Reports 
6, which was previously codenamed Aristotle. 
Designed for displaying reports on the Web, its 
main feature is the fact that reports appear 
through a user's web browser in .rpt format. If 
the client's web browser supports Active X 
technology, then users can generate new 
reports, print them, or drill down and modify the 
report displayed, as well as having the ability to 
edit the report and send changes back to the 
database. 

"It acts like a real application,” said Reed 
DeMordaunt, Seagate Software's sales manag¬ 
er for the Asia Pacific region, when describing 
how it works in a browser environment. 

While the package also works on browsers that 
only support plain HTML or Java, it won't look 
or feel as much like an application as neither 
formats are complex enough. "Active X has 
more features than Java," DeMordaunt 
explained. 
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Automated software distribution 
now has a standard 
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The self-healing Office suite 


M icrosoft briefed the media about its plans for future 
incarnations of its Office platform. Microsoft is 
focusing on lowering the cost of ownership, and is 
aiming for a 50 per cent reduction in the administrative 
overhead for Office users. Microsoft 
^^^admits it hasn't kept its products as 
simple as it would have liked, but 
simplicity is the top priority for the next 
version of Office. The new version will 
sport such features as self-repair, 
which allows a user's file to be replaced 
if it is deleted or lost; installation on 
demand, which intelligently installs templates 
and other files from the server as needed; 
support for roaming users; and a run-from-server 
configuration that doesn't require local installations of the 
software. 

Microsoft has not announced a time frame for the next 
Office release. 


Microsoft and Marimba proposed an industry 
data format standard for automating Internet 
software distribution. Vendors such as McAfee 
have been using similar strategies for delivering 
files, such as virus signature update databases. 
The new specification, called the Open Software 
Description (OSD), will address the need for 
pushing complete software packages to end 
users. Several vendors, including CyberMedia, 
InstallShield, Lotus and Netscape have 
endorsed the new specifications. 

The OSD specification provides the necessary 
elements for describing software components, 
version, structure, and relationships with other 
components. This means that clients, such as 
browsers, will know how to handle the files 
appropriately. 

OSD is based on Extensible Markup Language 
(XML), which is also used in the new Channel 
Definition Format (CDF) which was recently 
added to Internet Explorer 4. 


WRESTLING with NTv 
networking? 

Hands-on 

Independent 

Unplugged ' 
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Two intensive hands-on technical training days 
of NTv4.0 networking. 

Phone 1800 654 103 for further details on this 
course or our other hands-on technical training 
programs. You may also like to visit our Web site 
at www.iit-training.cort.au 
On-site and public courses available. 
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Digital touts ultra-thin notebook as 
desktop replacement 


NT maims others in OS war 



Digital has beaten other companies to the 
punch by announcing the first notebook to pro¬ 
vide a 14.1 inch TFT screen. Called the HiNote 
Ultra 2000, it sports a Pentium 166Mhz MMX 
processor, a dual Windows NT or Windows 95 
boot option, a 2.1Gb hard drive, a 20XCD ROM 
drive and 32MB of EDO (Extended Data Out) 
RAM. What makes this notebook unique, how¬ 
ever, is that it fits all of this into a case that's 
less than 35mm thick. 

"Digital is about to move into the premium note¬ 
book space," exclaimed Aaron Blackman, mar¬ 
keting manager for Digital's mobile division. 
According to Blackman, the HiNote Ultra 2000 
is also the first notebook to act as a proper 
desktop replacement. 

"The 14 inch screen is equivalent to a 15 inch 
desktop monitor," he claimed. The reasoning 
behind this is that the curvature of a normal 
screen reduces the overall viewing area. 
Another new feature for the HiNote which pre¬ 
vious models didn't have is a built in docking 
bay that accepts either the CD Rom drive or a 
floppy drive. Previous models required external 
units. However, an external docking station is 
still available for the HiNote, providing a 
Universal Serial Bus (USB) port, Kensington 
locking device and a three speaker 3D audio 
system which Blackman described as "awe¬ 
some." 

Due for release in October, the retail price of 
the HiNote will range from $9,890 to $12,700. For 
more information, Digital can be contacted on 
13 23 93, or 
by Web site 
at http://www. 
digital. 
com.au 
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D ataquest has released survey results which indicate the decline of every operating 
system, from the desktop to the mainframe, except Windows NT. 

According to Graeme Philipson, principal analyst with Dataquest, "NT growth has 
taken off over the last 18 months and is continuing unabated." 

The survey, which has been conducted over the past few years, had a strong response 
from MIS managers. Similar questions have been posed over the last three years and are 
devised to determine the direction of operating systems. 

Over the next five years it has been predicted that the proportion of networked 
devices attached to Novell NetWare will drop almost 20 percent, whilst those attached to 
Microsoft Windows NT server is expected to rise by the same percentage. Until recently 
Novell has been in denial about the shift in operating system directions. When asked to 
respond to the survey result Novell had previously stated that it is not competing against 
Windows NT. 

Philipson said that Novell finally admits it has a problem although it is "yet to 
determine a strategy to confront the Microsoft juggernaut." Fie believes Microsoft's 
success lies in NT's ability to bridge the gap between operating systems. "The distinction 
between host and server operating systems is becoming meaningless." 

Yet Novell is not 
down for the count. 

According to 

Philipson, Novell is 
used by half of the 
worlds IT users and 
it is this massive 
installed base that is 
its biggest asset. But 
Novell is going to 
have to move 
quickly to ensure 
that it does not lose 

Philipson 
believes that many 
MIS managers are 
concerned about 
Microsoft's domi¬ 
nance of the market, 
but the standardis¬ 
ation that Windows 
NT is providing in 
the market is 
making the move to 
NT an easy choice. It 
will be interesting to 
observe Novell over 
the next year to see 
how they will face 
these challenges. 


Proportion of networked devices in your organisation 
will be attached to the following server types 
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Frontpage 98 Enters Beta 


Frontpage 98 has just entered beta. The new version of 
Microsoft's Web development tool adds support for fea¬ 
tures such as the Channel Definition Format, dynamic 
HTML, coordinated graphics, GIF animator, image-edit¬ 
ing tools, and a new navigational site view that is creat¬ 
ed on-the-fly. Frontpage 98 will help weed out broken 
links and duplicate files. The software is available for 
download from Microsoft's Web site at 
http://www.microsoft.com/frontpage 


New ATM standard approved 

Cisco's MPOA (Multiple Protocol Over ATM) layer 3 
switching technology has just been approved as a stan¬ 
dard. According to Cisco, products that support it should 
become available from the end of this year. 

Targeted at campus networks, Cisco claims that MPOA 
will benefit organisations that use Intranets. The reason 
is that MPOA reduces the strain on routers by providing 
direct communication paths between Virtual LANS. 
Supporting both IP and IPX protocols, it also uses exist¬ 
ing standards such as NHRP, MARS, RFC 1577 and LANE. 
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57 Channels and nothing on? 


) 



N ow that Internet connectivity is 
almost a given for most 
companies, what's next? Fancier 
email clients? Better Web browsers? 
Think bigger — live audio and video. 
Multimedia applications are exploding 
like never before, and the market 
movement verifies the heavy interest. 
The future of streaming multimedia 
might not only be in delivering tele- 
vision-style programming to a 
computer desktop, but in delivering 
business-oriented programming, such 
as computerised and live training, and 
video teleconferencing overWANS. 

Microsoft announced it has acquired 
VXtreme, maker of live video streaming 
software. In addition, Microsoft announced it's lining up 30 partners, including 
well-known firms such as AudioNet and VDOnet, to encourage the growth of the 
broad multimedia streaming market. Microsoft currently offers its own live 
audio/video streaming software, called NetShow which runs on Windows NT. 



Document management added to Domino 

Lotus has announced Domino.Doc, a document management package 
designed for the Internet and workgroup environments. 

Domino.Doc enables files to be shared, accessed and managed. 
Documents can be reviewed and amended whilst the files location and 
security status is maintained on the system. Applications can also be 
created to move documents through an approval process. 

The product interface integrates Web browsers, Notes clients and 
standard desktop applica¬ 
tions using the industry 
standard Open Document 
Management API. 

Domino.doc is priced 
on a client/server model. 

The uni-processor server is 
priced at $6,460 and the 
symmetrical multi¬ 
processor server is priced 
at $19,379. 

For further information 
contact Lotus on 02 9350 
7700 or at Web site http:// 
www.ddmdiscovery.com 

















New servers with Pentium II 


Fujitsu has released its new series of single and 
dual processor servers for the corporate mar¬ 
ket, incorporating Pentium II technology. 

The single processor Ci series and the single or 
dual processor Gi model. Both series offer 
233MHz and 266MHZ versions, with 512KB 
cache, 32MB of memory with expansion to 
512MB and an integrated 10/100 MB Ethernet. 
The Ci series has three exchangeable drives, 
three PCI and two ISA slots, whilst the Gi model 
includes five PCI and 2ISA slots. 

The new Pentium II servers support Windows 
NT and are currently available. The Gi models 
are priced from $11,950 and the teamserver Ci 
models start at $6,955. For further information 
contact Fujitsu on 02 9887 9222. 


Datawarehousing. NT-style 

VMARK has released the second version of its 
DataStage datawarehousing package, which 
only runs on Windows NT. The reason for this is 
Windows NT’s low cost of entry, according to 
Gari Johnson, VMARK's marketing manager. 
Designed to extract data out of traditional data¬ 
bases and transform them into a more appro¬ 
priate format, DataStage provides a purely 
graphical front end, so that no programming is 
required. For those concerned with the year 
2000 problem, Johnson believes that DataStage 
can also help people out with converting dates. 
New features include an enhanced GUI; exter¬ 
nal plug-in stage APIs to support database 
loaders from Informix, Red Brick and Sybas and 
support for Standard Component Architectures 
such as Active X, Java and CORBA. 

DataStage is priced at $9,500 for the developers 
kit, while the runtime version costs $13,000. 


For more details contact VMARK on 02 9900 
5600, or by web site at http://www.vmark.com 
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Tandem releases its two node cluster server 


) 



T andem has released what it claims is the first two node cluster designed to run 
Microsoft's Cluster Server. Called the CS150, it has two multiprocessor Intel based 
Pentium Pro servers in a single cabinet. 

While Peter Neuhold, Tandem's Windows NT product manager admits that other 
companies have two node clustering systems, such as Data General's Cluster in a Box, 
only Tandem's system is packaged in a single cabinet. 

"Theirs (Data General's) is simply a rack mounted system that incorporates two nodes 
that are linked together-there's nothing special about that," Neuhold said. "Whereas 
CS150 is specifically that kind of configuration in one tower-style cabinet." 

Targeted at distributed processing applications such as retail in-store processing and 
call centres, the CS150 is 
largely designed as a fail 
over system. Together the 
two nodes can support up 
to 310 gigabytes of storage. 

The CS150 also includes 
Tandem's ServerNet tech¬ 
nology, which is designed 
to provide a clustering 
communication system 
that mirrors the communi¬ 
cated data for fault 
tolerance. Available now, 
the CS150 is priced from 
$30,000. 

For more information, 
contact Tandem on 02 9770 
7222, or by Web site at 
http://www.tandem.com 


( NT update ) 

Getting bigger by the day, Windows NT 5.0 looks set to include a manual version of Executive 
Software's Diskeeper package. Diskeeper, which was reviewed in our June issue, is a disk 
defragmenter designed to maximise system performance. However, as the bundled version 
will only be manual, users will have to upgrade-and thus pay-if they want the automatic defrag¬ 
mentation features. Visit http://www.diskeeper.com for more upgrade details. 


Microsoft recently released a new version of its Telephony Applications Programming 
Interface Software Developer's Kit (TAPI SDK). TAPI 2.1 lets the developer create telephony 
applications and add telephony to existing applications. The product abstracts the hardware 
layer to give developers and users network and device independence. TAPI 2.1 enables appli¬ 
cations for use with the Public Switched Telephone Network (PSTN), ISDN, PBX systems, and 
IP networks, and provides full client/server telephony and enhanced server administration 
tools. TAPI 2.1 is available for Windows NT Server 4.0, NT Workstation 4.0, and Windows 95. 
The SDK is free, http://www.microsoft.com/ntserver/info/tapiabout.htm 
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Microsoft Exchange Server 


outconfigures, 
outadministers, 

outscales, 
outfeatures, 
outmails 

and generally 

outinternets 

other messa gj n g and 

collaboration systems. 

(Outrageous? Not according to the experts.) 



In comparative reviews by Network World and 
Network Computing, Microsoft Exchange Server 
prevailed over Lotus cc:Mail, Lotus Notes/Domino, 
and Novell GroupWise as the Internet messaging 
champ. Microsoft Exchange Server garnered an 
overall score of 8.7 on a scale of 1 to 10 in Network 
World’s review. And Network Computing dubbed 


Microsoft Exchange Server its “Editor’s Choice.” 
Further proof that Microsoft Exchange Server is 
the best messaging and collaboration system 
available today—the recent Burke Marketing 
Research study. It concluded that 70% of IT 
Administrators prefer Microsoft Exchange Server 
over Lotus Domino and Netscape Mail Server. 


Test it yourself: Try Microsoft Exchange Server 5.0 free for 120 days. 
www.microsoft.com/exchange/promo/eval/ 


Microsoft 

Where do you want to go today?® 


Network World review published March 10,1997, Network Computing i 
© 1997 Microsoft Corporation. All rights reserved. Microsoft and 
Other product and company names mentio 


.5,1997. Burke Marketing Research ( 
today? are registered trademarks of 






Email management made easy 


Odyssey Developments has released ISYS ver¬ 
sion 5 for both desktop and Web environments. 
Building on ISYS' array of search features the 
new version includes an index and search 
engine for email. This tool allows you to organ¬ 



ise your email and fast access to the informa¬ 
tion when required. Searches can be conduct¬ 
ed in plain English, through the menu or com¬ 
mands, using fuzzy logic or synonym searches. 
Management of email information is through a 
'Knowledge Warehouse' where important files 
are stored and the index is automatically updat¬ 
ed across the database. Incorporated into ISYS' 
indexing technology is its 'Super Sleuth' ele¬ 
ment which is designed to locate items within 
a designated field. Even when the items cannot 
be located, this tool will still be actively search¬ 
ing new files for the required information. 

ISYS Web 5 offers features that are similar to 
those found in the desktop version including 
summary indexing, intelligent numbers, and 
automatic indexing and Office 97 compatibility. 
The new version also builds on its ability to 
dynamically convert documents to HTML. 
Webmasters are also able to convert docu¬ 
ments to a WYSIWYG HTML that maintains 
most formatting within the capabilities of HTML. 
The ability to conserve bandwidth through an 
outline browse feature. Sections of large docu¬ 
ments that contain the search hits are retrieved 
to the browser, with the option of viewing 
expanded documents. 

Pricing for ISYS Version 5, from Odyssey 
Development is from $525 and $180 for an 
upgrade. ISYS WEB 5 is priced at $7,500. For 
further information contact Odyssey on 02 9439 
5800 or at Web site http://www.isysdev.com 


Internet security opens e-commerce doors 


I ntellect has updated Inte-com, its Internet security product to support HTML browser 
based interface. Inte-com is currently used in on-line banking, and is being used in 
Internet funds management. 

Inte-com has recently been incorporated into Australia's first Internet funds 
management application. First State Fund Managers has just launched its on-line 
investment facility, FirstNet using the cryptography platform. The Internet site allows 
investors to access investment and superannuation account details from their home or 
work environments.Three Australian banking organisations have also incorporated Inte- 
com as a security aspect of their on-line banking services. 

Inte-com's security features include encryption, message and server authentication 
whilst support for Java and HTML are recent additions. The introduction of the Java 
Application Programming Interface support enables the deployment of Inte-com appli¬ 
cations across platforms. HTML applications can be secured and developed using Inte- 
com.The HTTP service when combined with a Java Applet, Plug-in or Active X control in 
the browser allows for the dispatch and retrieval of HTML files through a secure channel. 

For further information contact Intellect on 08 9333 4333 or at Web site 
http://www.intellect.com.au 
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NEC gets serious about servers 


3 


N EC is "very 
serious about 
the server 
business," according 
to Norm Hall, general 
manager of sales. 

"NEC can't just keep 
selling boxes." 

NEC recently launched 
its latest Express 5800 
series of APRO PC 
servers. Stating that it is number one in Japan with the same product, NEC predicted that 
2000 units would be sold in Australia. 

The third generation of servers incorporates the Pentium II chip in the 120APRO 
server, while the 130APRO uses Intel's Intelligent Input/Output pre-processor technology 
that will be supported by Windows NT 5.0. Designed to assist Pentium Pro processor effi¬ 
ciency by handling all machine interrupts, it frees up the host processor to process appli¬ 
cations. 

The middle-tower 130APRO comes standard with either a single or dual 200MHz 
Pentium Pro processor, 32MB of internal memory, expandable to 1GB, 256 KB of level 2 
cache, a 4GB hard drive and a 10/100Base -TX networking interface. Integrated SCSI 
primary and secondary hard-drive controllers and a 16x MAX CD-ROM drive are also 
featured. 

Server prices range from $4410 for the 110APRO small workgroup server to $14,170 for 
the 160APRO high performance PC server. 

For more information contact NEC on 02 9930 2000 or at its Web site at 
http://www.nec.com.au 
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OMNIS allows Active X and Java to work together 

O mnis Software has launched Omnis Studio 1.1, which it claims is the first RAD 
(Rapid Application Development) tool that can create crossware applications. By 
crossware, Omnis means software that can be used on different platforms, access 
different databases, use different object types and architectures. 

"It's the only product that supports Active X and Java natively," said Pat McEntee, 
vice president of marketing for Omnis. According to McEntee, the market needs 
crossware applications now that the Internet is being used more for applications that 
often have to work with varying platforms and standards. Studio 1.1 also accepts OCX, 
VBX, C++, OMNIS object types. 

Designed primarily for creating web applications that can interrogate databases, 
Omnis Studio 1.1 provides native drivers for Oracle, Sybase, Informix, SQL Server, 
ODBC and EDA/SQL. It can also be deployed on Windows 95, Windows NT, Windows 3.1, 
MacOS and OS/2, with future support promised for HP/UX and Sun Solaris. 

It also uses OMNIS Script, a proprietary Universal Scripting Language that combines 
two languages into one.The first is a hierarchical, fourth generation language designed 
for manipulating course-grained objects and components; while the second is Dot 
Notation, a self articulating language that describes itself or any other object or class 
down to individual events, methods and properties. 

OMNIS Studio is priced at $2299. Also available is Omnis Studio Production 
Manager, a version control tool priced at $1099, as well as Omnis Studio Data Access 
Manager which is priced at $1899. 

Relying on a graphical interface, Omnis Studio 1.1 works by providing you with 

different palettes that 
offer a variety of tables 
and objects that can be 
dragged and dropped. 
"It's visually beautiful," 
enthused McEntee. 
Contact the DLA Group 
on 02 9262 2255, or for 
more information see 
the Web site at 
http://www.omnis- 
software.com 



Remote access solutions for 
enterprise 


Bay Networks will ship next month its new 
remote access concentrator that will support 
mixed-traffic dial access. 

The model 8000 RAC will provide a choice of x2 
or K56flex technologies to be released in com¬ 
ing months, as well as integrated routing 
capabilities. The RAC combines digital 
modems, ISDN Primary Rate and El interfaces 
connectivity, as well as supporting 56Kbps 
data rates. 

Service providers will be able to offer users 
management and security features including a 
Remote Authentication Dial-in User Service 

Bay Networks 

that provides user authentication and authori¬ 
sation. Customers can access the Internet by 
dialling the 8000 RAC at a Point of Presence 
(POP) using either analogue or digital modems 
or ISDN connections. Network traffic can be 
routed to meet users needs encompassing a 
combination of protocols if required. 

The Model 8000 remote Access concentrator 
is priced at $38,906 for two primary rate inter¬ 
faces or channelised El interfaces and 62 
modems. 

For further information contact Bay Networks 
on 1800 81 70 70 or by its Web site at 
http://www.baynetworks.com. 
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RAID or Redundant Array of Inexpensive (or Independent) Disks, can improve disk drive performance by 


spreading data across multiple disks that are treated as one logical drive. A RAID subsystem can 
enhance system performance, provide fault tolerance, simplify the process of adding disk capacity, and 
make building extremely large disk volumes possible. 




RAID has been around on UNIX and 
mainframe systems for many years, and the 
technology was built into Windows NT 
^|w^the start. With the flurry of activity 
^KSKtnding NT clusters and server scala- 
. bilityc RAID has recently gained new 
exposure in the NT market (see the 
August 1997 issue for more information 
about NT-based cluster solutions). But 
what is RAID? And how can it help you 
Bmp rove your NT systems’ performance 
and reliability? 

Let’s explore the answers to* these ques¬ 
tions with a detailed technical look at 
RAID options for NT systems. I discuss 
the best RAID levels to use for optimising 
performance and fault tolerance, and pro¬ 
vide some general guidelines for choosing 
a RAID system. For an introduction to 
RAID, see the sidebar, “RAID Levels”. 


Hardware and Software RAID 

The two types of RAID are hardware 
RAID, in which the d isk controller per¬ 
forms the RAID Sanctions, and software 
RAID, in which the operating system per¬ 
forms RAID functions. NT 4.0 lets you 


use hardware- or software-based solutions 
or combine the two to achieve the best 
performance and fault tolerance. 

Many vendors, including Adaptec and 
Compaq, provide hardware RAID solu¬ 
tions (disk controllers and array chassis) 
that offer many of the RAID levels listed I 
in “RAID Levels.” RAID 0, 1, and 5 are 
the most common. As a rule, hardware- 
based RAID solutions are faster and more 
reliable than software-based ones.They also 
offer a greater range of configuration 
options. Of course, they’re more expensive 
than using NT’s built-in RAID, but if you 
want the best performance, strongly con¬ 
sider including hardware-based RAID in 
your overall system budget. 

NT supports RAID functionality, offer¬ 
ing software settings for RAID 0 in NT 
Workstation and 0,1, and 5 in NT Server. 
The advantages of software RAID are the 
convenience of built-in software and cost. I 
However, performing RAID functions j 
through the operating system instead of j 
offloading them to a separate controller 
can slow server performance. 

As you can see in “RAID Levels,” each 
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RAID Levels 


RAID levels 0,1, and 5 are the most commonly available hardware for a volume (however, few-if any-implementations are available for 
RAID solutions for Windows NT systems, and NT includes them. NT). 

Asterisks denote RAID levels available for NT only through hardware 
controllers or combinations of hardware and software. 


Comments 

Data is striped, or spread 
across, one or more drives 
in parallel. 


RAID 0 is ideal for environments in which performance (read and write) 
is more important than fault tolerance or you need the maximum 
amount of available drive capacity in one volume. Drive parallelism 
increases throughput because all disks in the stripe set work together 
on every I/O operation. For greatest efficiency, all drives in the stripe 
set must be the same capacity. Because all drives are used in every 
operation, RAID 0 allows for single-threaded I/O only (i.e., one I/O 
operation at a time). Environments with many small simultaneous 
transactions (e.g., order entry systems) will not get the best possible 
throughput. 


RAID 1 is useful for building a fault-tolerant system or data volume, 
providing excellent availability without sacrificing performance. (NT 
does not support a RAID set as the boot volume-this capability 
requires a hardware controller). However, you lose 50 percent of 
assigned disk capacity. Read performance is somewhat higher than 
write performance because NT reads data off the drive whose head 
is closest to the desired sector (called locality of reference); all write 
operations are made to both disks simultaneously. 


Comments 

One physical drive is dedicated with 
parity to parity data (i.e., information 
the disk controller calculate to 
determine missing data on other 
disks); data is striped in blocks 
across multiple drives as in RAID 0. 


RAID 3 offers the performance of RAID 0 with the fault tolerance of 
RAID 5, but with cautions. As with RAID 0, RAID 3 uses single-threaded 
I/O but with a standard 256KB data transfer block. Streaming data 
applications such as video-editing systems benefit simultaneously 
from disk parallelism, fault tolerance, and the large-block transfers. But 
database applications or others with many small transactions issued 
simultaneously/night have problems. 

RAID 2 is similar in concept to RAID 3 but writes in single bits to the 
drives in the stripe set rather than in blocks, thus requiring many drives 


Comments 

One physical drive is dedicated 
with parity to parity data. The 
striping algorithm differs from RAID 3 
in that a data word is written to one 
drive, the next word to the next 
drive, and so on. 


RAID 4 is similar to RAID 3 but uses a round-robin algorithm for writing 
data to the stripe set. Because RAID 4 has to generate parity data on 
one drive, write operations are single-threaded, but reads are 
multithreaded (i.e., are performed via multiple simultaneous I/O 
requests) because not all drives are involved in every transaction. 
RAID 4 is better for an environment requiring more discrete 
transactions per second. Both RAID 3 and 4 use the minimum number 
of drives to achieve fault tolerance. 


Comments 

Parity data is distributed across 
with parity all drives in the volume. 
Normal data and parity data are 
written to drives in the stripe set in a 
round-robin algorithm, similar to 


RAID 5 is multithreaded for both reads and writes because both normal 
data and parity data are distributed round-robin. This is one reason 
why RAID 5 offers better overall performance in server applications 
than either RAID 3 or 4. Random I/O benefits more from RAID 5 than 
does sequential I/O, and writes take a performance hit because of the 
parity calculations. RAID 5 is ideal for database applications. 


Comments 
3 The parity information has 

with parity its own parity data. 


RAID 6 is essentially RAID 5 enhanced, such that two drives in the 
oe set can fail because the distributed parity information has its 
i parity and is thus redundant. 


Comments 

Also known as RAID 0+1 
or RAID 6 stripe sets by some 
manufacturers. 


You can build RAID 10 either directly through the RAID 
controller (depending on the controller) or by combining software 
mirroring and controller striping, or vice versa (called RAID 01). 










level has different performance character¬ 
istics, fault-tolerance capabilities, and 
drive usages. Some levels offer excellent 
all-around performance, and others sacri¬ 
fice this performance to gain fault toler¬ 
ance. Because each level is suited to a 
particular environment, your main chal¬ 
lenge when choosing a RAID subsystem 
is to decide which RAID level to use on 
your server under what conditions. Let’s 
look at the tradeoffs of the RAID levels 
most commonly used in NT systems and 
some tips for choosing the best RAID for 
your system. (See “RAID Tips,” for some 
RAID-optimisation hints. And for infor¬ 
mation about other ways to improve disk 
subsystem performance besides RAID, 
see “Pumping Up Your Server”.) 

Optimising for Performance: 
RAID 0 

Disk performance is a critical factor in 
server performance. Disk access is much 
slower than memory access.Therefore, the 
faster your disk I/O, the faster your serv¬ 
er’s response time. As a rule, RAID 0 (i.e., 
plain disk striping) provides the fastest 
I/O and thus the best performance. 

RAID 0, or normal striping, splits data 
blocks (chunks of data) across multiple 
disks simultaneously. The group of disk 
drives containing the split data is called a 
stripe set; the size of each data piece 
depends on how many disks are in the 
stripe set. Striping means all drives are 
active for every I/O transaction and that 
each drive in the stripe set does less work 
per transaction. Less work means faster 
performance. 

You can immediately benefit from 
RAID 0 by using NT’s Disk Administrator 
to create stripe sets. This approach lets you 
create larger disk volumes under NTFS 
(FAT has a 2GB partition limit) and 
improves disk I/O performance. 

Software striping via Disk Administrator 
is useful for just about any application, but 
with some cautions. First, software striping 
causes some minimal additional CPU 
overhead because NT now has to calculate 
striping instead of just passing I/O 
requests to the disk controllers. However, 
with today’s fast CPUs, this overhead is 


• Separate I/O types: keep write-intensive and read-intensive environments 
on separate physical devices. 

• Keep random activity and sequential activity on separate devices. 

• Match the RAID level's characteristics to the volume in question; for 
example, don't put a write-intensive application on a RAID 5 volume. 

• Use Fast drives, such as the new lOK-revolutions-per-minute 
(RPM) drives. 

• Use SCSI, not IDE or EIDE. SCSI's extensibility and performance far 
exceed IDE's for server applications (even EIDE maxes out at 17MBps 
data transfer rates). 

• Use a RAID volume (such as 0) for your page file to enhance virtual 
memory performance. 

• Use multichannel hardware-accelerated disk controllers. 

• Keep an eye out for Intelligent I/O (120) devices, which offload I/O 
processing to dedicated CPUs on peripheral cards such as RAID and 
network controllers.This approach achieves much greater throughput 
with a small fraction of the impact on the system's main CPU(s). 


not a problem because the processing 
takes a very small percentage of the CPU’s 
overall capacity and the performance ben¬ 
efit of using multiple drives is greater than 
the performance hit. Systems with old 
processors (386, 486, or even slow 
Pentiums) may have more difficulty, and 
you need to augment them with a hard¬ 
ware RAID controller, which offloads 
RAID calculations from the system’s main 
CPU or CPUs. 

Second, be careful of where disks are 
located in the system. If you stripe disks on 
two or more SCSI controllers (called con¬ 
troller multiplexing), you’re asking NT to 
calculate which data goes where in addi¬ 
tion to figuring out the striping, not to 
mention processing overhead, system bus 
traffic, and processor interrupts for han¬ 
dling multiple cards. Again, older systems 
may have trouble handling this processing. 

Try to stripe disks only on the same 
controller for the best performance, unless 
the capacity simply isn’t enough from one 
SCSI card. You can compensate for the 


above problems by using a hardware 
RAID controller that has specific circuit¬ 
ry for handling these calculations and 
multiple channels for enhancing perfor¬ 
mance and adding capacity (a multichan¬ 
nel card uses only one interrupt). 

The big drawback of RAID 0 is that it 
offers no fault tolerance: if one drive in the 
stripe set dies, the entire volume is unre¬ 
coverable. Also, the number of drives you 
use in a stripe set has a point of diminish¬ 
ing returns. 

For example, the results of testing 
Microsoft SQL Server 6.5 scalability 
showed that six drives were the effective 
limit for a Compaq ProLiant 5000 with a 
Smart 2/P Array Controller; more drives 
improved performance minimally. This 
minor improvement is because the 
mechanics of the situation catch up with 
you (as the number of drives in the stripe 
set goes up, the block size goes down; if 
the block size drops below the stripe 
width, the advantages of striping dimin¬ 
ish). In addition, you saturate the SCSI 
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Pumping Up Your Server 

Optimising your server's (or workstation's) disk sub¬ 
system involves more than just disk drives.The relevant 
controllers, protocols, and configurations have just as 
much of an effect. Let's look at some non-RAID tips for 
improving the performance of or administering disk 
controllers. 


Tip 3. Balance Drives Evenly Across Channels. 


rates. 

Tip 2. Spread RAID Volumes 

Across Tip 5. Use an Onlim 

9 Configurable Controller. 

Channels Intelligently. 

Online configurable coni 

Toilers improve disk subsystem 


Tip 1. Use Multichannel RAID Controllers. 


Your main concern when optimising performance is the 
RAID controller. Of course, you want it to have the latest 
and fastest electronics possible (e.g., PCI; a fast I/O 
processor such as the Intel i960 or equivalent from AMI 
or Symbios), but you also want it to have multiple 
channels. This requirement is like having multiple SCSI 
cards in the same sloMhe controller uses only one 
interrupt and can fully use the available bandwidth of the 
peripheral slot (such as the full 132MBps on standard 32- 
bit PCI). Multichanneling provides the advantages of 
controller duplexing without the costs usually associated 
with it, because you can use all channels with common 
circuits for optimal performance. 


Also keep in mind how disks are arranged across your 
controllers. Too many disk drives on one channel (such 
as 15 drives on a SCSI-2 bus) don't help system 
performance, because you run out of bandwidth. In 
addition, just as with adding CPUs to the system, you 
reach a point of diminishing returns on performance 
enhancement-each added drive results in less of a 
percentage growth (ideally, from one to two drives: 50 
percent; two to three: 33 percent; three to four: 25 
percent). Without enough drives, you aren't using all 
your controller's single-channel performance. The just- 
right level is when you balance drives evenly across 
channels. 


Tip 4. Choose High-Speed Disk Drives. 


When setting up a disk subsystem (either for upgrade 
or a new system), also consider the speeds of the phys¬ 
ical devices you use.The new 4GB and 9GB drives are 
faster than the old 2.1GB ones (such as the new 10K- 
RPM Cheetah drives from Seagate) with higher revo¬ 
lutions per minute (RPMs) and greater burst transfer 


Using multiple channels effectively means spreading your 
RAID volumes across them in a way that maximises your 
use of available bandwidth. For a simple two-channel 
controller, you must put each drive in a mirror set on its 
own channel or put half of a RAID 0 volume on one 
channel and the other half on the second channel. For 
advanced controllers with three or four channels, try to 
use them all. Go beyond just spreading the volume across 
the channels-use them intelligently. For example, with a 
four-channel card, you could build a RAID 01 volume 
whose mirror sets each span two channels, but the 
striping spans all four. You can use even a two-channel 
card more efficiently with an intelligent configuration, 
such as a RAID 10 volume that stripes and mirrors on both 
channels simultaneously. You'll need to play around with 
the configuration to see what suits your needs best. 


uptime and manageability by letting you dynamically 
change your disk layout without powering down the 
server or even taking the disk volume offline. For 
example, you can extend a RAID 5 volume's capacity by 
adding more drives while it's actively running a 
database application-a performance hit will occur as the 
controller rebuilds the volume, but the system remains 
online. 

You can use the same features for changing the RAID 
level running on the system (such as from 5 to 0). Some 
controllers are configurable through a command¬ 
line interface (a DOS-like window), while others have 
a fully NT-integrated GUI. Both alternatives are better 
than booting the server into the card's firmware, but 
Windows-standard administration software can make 
your life a little easier. 


channel with too many drives. New con¬ 
trollers with faster hardware, such as Wide 
SCSI-3 and Ultra-2, raise this limit 
because they can run at 40MBps or 
80MBps and use wider (32-bit) data 
words. (See “RAID-Related Terms,” for 
definitions of the SCSI standards and other 


terms.) Another issue is that more drives 
mean greater probability for failure. 

Some experts recommend that you 
never use RAID 0 alone on a server. 
However, the question is one of cost vs. 
performance, so RAID 0 with an aggres¬ 
sive backup policy may be worthwhile. 


Optimising for Fault Tolerance: 
RAID 1 and 5 

Optimising your server’s disk storage is a 
balancing act: you want the best possible 
performance, but you need to protect your 
data, too. RAID 1 and RAID 5 are two 
widely used methods for protecting data. 
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RAID-Related Terms 
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RAID 1, disk mirroring, is most 
often used for smaller critical data 
volumes. It gives you complete 
fault tolerance (either drive in the 
mirror set can fail without affect¬ 
ing system integrity or perfor¬ 
mance) and slighdy better perfor¬ 
mance than no RAID. The trade¬ 
off? Because both drives are exact 
copies of each other, you get only 
50 percent of the disk capacity 
you purchased. 

RAID 5 is the most common¬ 
ly used option for fault-tolerant 
disk volumes in NT because 
most manufacturers implement 
and support this method, it is 
part of NT Server, and it offers a 
reasonable compromise between 
performance and disk capacity. 
RAID 5 offers enhanced perfor¬ 
mance, protection, and far less 
capacity loss than RAID 1. 
Because you can build a RAID 5 
volume out of as few as three 
drives, the maximum capacity 
you lose is 33 percent; the more 
drives you add, the less total 
space you lose. RAID 5 offers 
better I/O read performance 
than no RAID at all and in some 
cases, is even better than RAID 0 
(because of the striping algo¬ 
rithm used). The drawback of 
RAID 5 is that write perfor¬ 
mance suffers significantly be¬ 
cause every I/O operation 
requires a parity calculation. This 
performance hit in software 
RAID 5 is high; you’ll probably 
want to use a fast RAID con¬ 
troller to compensate for the 
overhead. 

The advantages to RAID 5 are 
that you can build very large 
fault-tolerant disk volumes, and 
any drive in the stripe set can fail 
without damaging data. 
However, fault tolerance doesn’t 
mean you won’t suffer a little if a 
drive fails. When one drive disap¬ 
pears from the stripe set, either 
your system CPU or the RAID 
controller must compensate on 
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the fly by using the remaining data and 
parity information to reconstruct the data 
for every I/O request. Depending on your 
system and controller, this reconstruction 
could mean as much as a 50 percent per¬ 
formance hit on that volume-but at least 
you’re still running! 

In NT, this recovery process is auto¬ 
matic (as it is on hardware controllers). 
NT also automatically rebuilds the vol¬ 
ume when you replace the faulty drive. 
As soon as the system gets a new drive, it 
begins the background process of recon¬ 
structing the data on the new drive in the 
same way it handles I/O requests on the 
fly (this process can take several hours, 
depending on the volume/disk size).The 
process slows performance (more with 
software RAID than on an accelerated 
controller), but as soon as reconstruction 
is finished, system operations return to 
normal. 

Also note that in software RAID 5, you 
often cannot break the set to add a new 
drive. Such behaviour makes RAID 5 on 
NT not such a great option, and some 
experts never recommend this approach. 
In contrast, this issue does not arise with 
hardware RAID. 

Other Fault-Tolerance Options 

Two additional RAID fault-tolerance 
hardware options are RAID 3 and 4. 
Although they’re less common on NT 
systems than other options (and NT does 
not support them), they offer fault toler¬ 
ance through striping with parity data. 

In addition to providing fault tolerance 
through RAID, some disk controllers 
have special features that ensure availabil¬ 
ity in the event of a disk crash. Some 
RAID arrays feature hot-swap drives: you 
can remove and insert disks without 
powering off the disk cage or even the 
specific slot. 

A hot swap-capable array should never 
go down due to a drive failure (barring 
component death of the backplane, faulty 
power supplies, or similar problems). 
Systems without hot-swap drives require 
you to power down the system to replace 
a bad drive. In systems with hot-swap 
bays, the controller/software detects the 
new drive coming online and begins 


repairing the volume. 

Another option is a hot-spare - a drive 
in the array that waits in standby mode. If 
any other drive in the array fails, the sys¬ 
tem automatically switches over to the 
hot-spare and begins rebuilding, without 
administrator intervention. When you 
replace the faulty drive, it becomes the 
new hot-spare.You can enable hot-spares 
through the controller’s BIOS or man¬ 
agement software. 

The Best of Both Worlds 

A few combined RAID levels (e.g., 
RAID 10, 30, or 50) offer both perfor¬ 
mance and fault tolerance by using two 
forms of RAID on the same logical 
volume at the same time. As you might 
expect, you pay more to have both capa¬ 
bilities. This extra cost is because NT’s 
Disk Administrator tool alone won’t 
let you combine RAID levels; to do this, 
you must combine a hardware RAID 
controller with NT’s RAID software 
functions. 

One combined RAID level is 
RAID 10, also called mirrored stripe sets 
(i.e., a RAID 0 stripe set is mirrored to 
another stripe set). RAID 10 offers excel¬ 
lent gains in read and write performance 
in sequential and random transaction 
environments. In fact, it’s the best overall 
performer of all RAID levels. The cost, as 
with mirroring, is that you lose 50 per¬ 
cent of your planned disk capacity. But, 
where simple mirroring (RAID 1) costs 
you only one drive per mirrored set, 
RAID 10 costs you as many drives as are 
in the RAID 0 stripe set (which can 
get expensive). Like RAID 1, RAID 10 
makes a fault-tolerant volume with 
the performance advantages of striping 
and no performance hit in the event of a 
drive failure. 

Another combination of RAID 0 
and 1 is RAID 01, or striped mirror sets, 
which has similar characteristics to RAID 
10. The main difference between RAID 
10 and 01 is which RAID level the hard¬ 
ware controller handles and which the 
software handles. In RAID 10, for exam¬ 
ple, if the software handles the striping, 
the controller performs the mirroring; in 
RAID 01, vice versa. 


Not all RAID controllers support level 
10 or 01. You’ll need to check which 
RAID levels a controller supports before 
you buy it. However, you can make com¬ 
bined RAID by using hardware for the 
first part (RAID 0 striping or RAID 1 
mirroring) and software for the second 
(the alternative mirror or stripe, respec¬ 
tively). This solution does not perform as 
well as using a RAID hardware controller 
that can handle both at the same time. 
But you can still build high-performance, 
fault-tolerant disk volumes without 
replacing an existing RAID controller. 

Other RAID levels, such as 30 and 50, 
can also enhance performance and fault 
tolerance, depending on your applica¬ 
tions. With them, you can build very large 
disk volumes out of commodity drives. 
However, these RAID levels are of limit¬ 
ed use in most low- to midrange NT 
server situations, unless your goal is to 
experiment or achieve new and interest¬ 
ing disk configurations. RAID 50 is a 
good option on an enterprise-scale serv¬ 
er where you are trying to build a 500GB 
or even 1000GB disk volume. 

The Right RAID 

With the variety of available RAID 
options, you can choose the right balance 
of performance and fault tolerance for 
your site. Mixing hardware and software 
RAID lets you build disk subsystems 
specifically tailored to your needs, such as 
extremely large disk volumes or multiple- 
fault-tolerant arrays. Whatever RAID 
you consider, it’s a disk technology you 
can’t afford to be without. 
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Software/Interoperability 

Access NFS 


Intergraph offers several products to accommodate NFS access from NT 


“J ntergraph has a rich history of ex- 
9 perience with UNIX, starting out 
as a hardware manufacturer and 
■ software developer for the UNIX 
CAD market. In 1991, Intergraph made 
the dramatic decision to switch over to 
Windows NT and focus its hardware and 
software resources on the NT market. 
One of the by-products of Intergraph’s 
market shift was the development and 
release of a series of UNIX-NT integra¬ 
tion and coexistence software products. 

Intergraph Software Solutions (ISS) 
develops, markets, and supports 
Intergraph’s UNIX-NT products. The 
flagship of ISS’s UNIX-NT offerings is 
the AccessNFS line of products. Access- 
NFS includes DiskShare, a server-oriented 
product that lets an NT system emulate an 
NFS server; DiskAccess, a client-side 
product that lets an NT system access an 
NFS server; and AccessNFS Gateway, a 
new server-side product that lets an NT 
system access an NFS server without any 
client-side software. 

I recently had the opportunity to 
work with a beta copy of AccessNFS 
Gateway, which is due for a full release 
this month, and a recent release of Disk- 
Access. Both products offer new and 
unique features in any combined UNIX 
and NT environment. 

AccessNFS Gateway 

In a nutshell, AccessNFS Gateway lets you 
mount NFS directory and printer exports 
on a server system and re-share them on 
the native Microsoft network as standard 
Server Message Block (SMB) shares. 
Conceptually, AccessNFS Gateway is simi¬ 



lar to Microsoft’s Gateway Service for 
NetWare in that it effectively remaps a for¬ 
eign file and print sharing methodology 
into the Microsoft file and print sharing 
methodology. But don’t linger on the 
comparison to Gateway Service for 
NetWare too long. AccessNFS Gateway 
takes a more sophisticated approach than 
Gateway Service for NetWare does. 

Establishing the connection between an 
AccessNFS Gateway server and one or 
more NFS server systems is straightforward. 
You can establish multiple connections, and 
each connection can use a different user- 
name for authentication. As you’d expect, 
AccessNFS Gateway lets you map an NT 
username into its UNIX counterpart and 
supports authentication using either the 
Network Information Service (NIS) model 
(traditionally used for UNIX-to-UNIX 
authentication) or the PC NFS daemon 
(PCNFSD) model (usually used for PC-to- 
UNIX authentication). 

Once the AccessNFS Gateway server 
has been authenticated to an NFS server or 
two, it can mount exported directories and 
printers. Those directories and printers are 
then available as shared resources sponsored 
by the NT system running the AccessNFS 
Gateway server. In other words, you bring 
up the Network Neighborhood map, click 
the NT system running the gateway soft¬ 
ware, and the NFS directories and printers 
appear in the list of resources. Because 
AccessNFS Gateway uses standard 
Microsoft file and print services to deliver 
NFS resources, any Microsoft network- 
aware client operating system — including 
DOS, Windows 3.1, Windows for Work 
groups, Windows 95, and, of course, NT - 


can access NFS directories and printers. 

As with other gateway approaches, the 
big question is: how is file-level security 
handled? For example, if you use 
Microsoft’s Gateway Service for NetWare, 
NT establishes all access rights according 
to the privileges assigned to the single 
server-side user ID that manages the 
NetWare connection. In contrast, 
AccessNFS Gateway lets you use the user 
ID of the client accessing the shared 
resource. To accommodate this method, 
AccessNFS Gateway provides a mapping 
table that translates an NT username into 
its UNIX counterpart. Names not con¬ 
tained in the table are passed through 
directly. Given this approach, the UNIX- 
side access security remains completely 
intact — access to individual directories and 
files is based on the UNIX-side settings. 

DiskAccess 

Since ISS’s client-side NFS products, PC- 
NFS, was released in 1995 it has matured a 
great deal. The most important change is 
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that the product no longer uses the PC- 
NFS code that Intergraph codeveloped 
with Sun Microsystems. Although for years 
this code was the de facto standard for PC- 
to-UNIX NFS access, implementing the 
code in the NT environment introduced 
more problems and limitations than it 
solved. ISS obviously recognised these lim¬ 
itations because the company dropped the 
PC-NFS code from the product and 
changed the product name from PC-NFS 
to DiskAccess. 

The current DiskAccess release lets you 
authenticate the system to an NFS server 
during the NT logon process or at the 
time of connection. You can also use dif¬ 
ferent authentication servers at connect 
time. This option is particularly useful and 
is not in most client-side NFS software on 
the market - most products authenticate 
you one time to one host. DiskAccess sup¬ 
ports authentication using either the 
PCNFSD or NIS methodology. Screen 1 
shows the Authentication tab of the 
DiskAccess dialogue box where you select 
the authentication host and type (NIS or 
PCNFSD). 

DiskAccess maintains the user au¬ 
thentication information separately for 
each user profile. Again, you won’t find this 
feature in most NFS client products. If this 
feature does not seem important, consider 
this scenario: if you want to implement 
NFS in a multiuser context (e.g., using 
NFS in conjunction with Citrix’ 
WinFrame, NCD’s WinCenter, Tektronix’ 
WinDD, or Insignia’s NTRIGUE), support 
for multiple, concurrent NFS authentica¬ 
tion is critical. DiskAccess addresses this 


need and the simpler case of a common 
workstation shared among multiple users. 

DiskAccess does not provide a separate 
user interface for accessing NFS directo¬ 
ries and printers; you simply use the stan¬ 
dard Network Neighborhood (or File 
Manager or Print Manager) utility to 
browse your network. As Screen 2 shows, 
an NFS Network entry appears on this list 
of available networks. When you double¬ 
click this entry, you see additional net¬ 
works containing your NFS servers, much 
like domains on an NT network. This list 
lets you target subnets you want to browse 
for NFS services. This approach lets you 
locate NFS resources beyond your local 
net, bypassing a limitation users experi¬ 
ence routinely when routers segment 
their networks. 

After you browse for the server you 
want, double-click the exported directory 
or printer to access it as if it were a native 
Microsoft network resource. This option is 
faster than having DiskAccess search entire 
network segments for all available NFS 
servers, letting you browse only the sys¬ 
tems you define. 

In addition to providing access to NFS 
directories and printers, DiskAccess in¬ 
cludes a set of utilities, including Telnet, 
TN5250, and TN3270 for terminal access; 
a graphical FTP program for file transfer; a 
Domain Name System (DNS) Query 
program for name-to-address lookups; 
Show Mounts and RPC Information to 
provide details about server-side settings; 
and Ping for basic name and address verifi¬ 
cation. DiskAccess also includes services to 
implement Remote Shell (RSH) for 


■ Screen 1: 

Opposite: Selecting the 
authentication host and type 
for DiskAccess 

■ Screen 2: 

Viewing available NFS 
networks 



remote command submission and 
Network Time Protocol (NTP) for net¬ 
work time synchronisation. 

So Many Choices, 

So Little Time 

AccessNFS Gateway and DiskAccess solve 
the same problem - accessing NFS ex¬ 
ports from a Microsoft client system. So 
which one should you use? Because it 
uses a gateway architecture where all 
traffic funnels through a common system, 
AccessNFS Gateway does not, in theory, 
offer the same level of performance as 
running multiple DiskAccess clients. But 
Gateway accommodates a wider variety 
of Microsoft operating systems and is 
much easier to integrate into an existing 
network. Differences notwithstanding, 
both are excellent choices for accommo¬ 
dating access to NFS servers. □ 

AccessNFS Gateway 

I LIST PRICE:] $4,200 for 5 concurrent users 

I-1: Intergraph Software Solutions 

1- C0NTACT; I 02 9886 6900 

Web:http://www.intergraph.com 

| PLATFORM: | lntel - AI P ha 


DiskAccess 


| LIST PRICE: 

$2,450 for 5 concurrent users 

| CONTACT: 

Intergraph Software Solutions : 


02 9886 6900 


Web:http://www.intergraph.com 

PLATFORM: 

Intel, Alpha, MIPS, Power PC 
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swims into the mainstream 


Microsoft delivers 


new multi-protocol routing 


software for Windows NT server 


a n North America fishing is a popular, national past-time for whiling away 
leisure hours. It seems those folks who develop products in the IT industry 
are also prone to delving into the deep blue — with Microsoft being the 
latest to become obsessed with all things fishy. 

Microsoft’s Routing and Remote Access Service (RRAS) is the newest version of 
its Multi-Protocol Routing (MPR) software for Windows NT Server. Before release 
the product was code-named Steelhead, and it has a few things in common with the 
fish it is named after. For one thing, MPR software has moved from a very basic rout¬ 
ing system that Microsoft never intended for heavy-duty use to (Microsoft claims) 
enough routing power to take on jobs dedicated routers currently do. 

With a new version of MPR, I decided to revisit a subject that I am familiar with, 
using NT Server as a LAN/WAN Internet router for a small C class or Classless Inter- 
Domain Routing (CIDR) network. But RRAS does more than make existing NT 
routing tasks easier; it adds new capabilities, including single-seat router administration, 
greater speed, support for Open Shortest Path First (OSPF) routing, integration with 
Point-to-Point Tunneling Protocol (PPTP), and packet filtering. 


Steelhead under the Spotlight 

I tested the Steelhead beta software, which Microsoft released as RRAS as I finished 
writing this article. The scenario I tested was basic, what Microsoft calls “home-office 
LAN” in the Steelhead documentation. Figure 1, page 40, shows the configuration. 

Suppose you have a small business (or a small part of a large business) and want to 
connect your local LAN to the Internet over a dial-up connection. You could always 
do this with NT, but doing so was a bit of a pain. Steelhead makes it easier for the NT 
Server to act as your LAN/WAN Internet router. The solution isn’t perfect, but it’s an 
improvement. 

















■ Figure 1 The test configuration 


I started with a C network, or CIDR 
block of addresses, from my Internet 
Service Provider (ISP). To set up a router 
with NT, I also needed a machine with at 
least 32MB of RAM, NT Server 4.0, 
Service Pack 2 (SP2), Steelhead beta 2, a 
modem, Integrated Services Digital 
Network (ISDN) or other Remote Access 
Service (RAS)-capable connection, and a 
network card. Other PCs on my local net¬ 
work have network cards, and I had to 
configure them with IP addresses from the 
block my ISP provided. 

First, I set up all the PCs on the LAN 
with the ISP-provided IP addresses. This 
step is important: each machine must have 
a separate and distinct, honest-to-good- 
ness Internet address. Do not make up 
addresses, and do not use the non- 
routable addresses. (A surprising number 
of people email me looking for help in 
setting up their routers, and the problem 
turns out to be that they just made up 
some IP addresses.) 

Then, I set up the NIC on the router 
PC and gave it an ISP-supplied address. 
The router PC eventually ends up with 
two IP addresses, one for the NIC and 
another for the RAS connection to the 
ISP. I installed a fresh copy of NT Server 
4.0 on the router machine from the distri¬ 
bution CD-ROM. I did not install RAS, 
because Steelhead removes RAS before 
installing. I pointed all the PCs’ default 
gateways to the IP address on the router 
PCs NIC. Then I made sure that all the 
PCs on the LAN could ping each other. 
With that done, I knew the LAN worked 
properly. 

I installed SP2 on the router PC; yes, 
that’s SP2, because SP3 didn’t work with 
Steelhead and my dial-up configuration. 
Microsoft fixed this problem for the final 
release, and RRAS requires SP3. I then 
installed Steelhead. It arrived as one EXE 
file but expanded to several files that install 
with the command mprsetup <directory> 
where <directory> is the directory that 
those files reside in. The setup program 
offers check boxes to let Steelhead handle 
network connections, routing, and dial-up 
connections; I checked them all, and the 
system restarted. 

Next, I logged on at the server, opened 




Modem, ISDN, 
or FRAD 


up Dial-Up Networking (DUN), and fig¬ 
ured out how to connect to my ISP. I was¬ 
n’t worried about routing yet; I just want¬ 
ed to get the NT Server to successfully dial 
up the ISP and establish a Point-to-Point 
Protocol (PPP) connection so that I could 
ping and run Internet Explorer and the 
like from the NT Server - I’ll discuss rout¬ 
ing to the other PCs a bit later. You have 
to noodle around with the IP parameters 
to make a PPP connection with your ISP 
work well. And when I say, “You have to 
noodle,” I mean it. My ISP had a specific 
FAQ on connecting with RAS and DUN, 
and some recommended settings were 
wrong. If tech support from your ISP is 
like tech support from most ISPs - that is, 
practically nonexistent - plan to spend a 
day or two messing with the DUN para¬ 
meters. If you use a full-time connection 
such as a Frame Relay Access Device 
(FRAD) look to tech support for that 
device. In this case, don’t buy the FRAD 
until you speak to both your ISP and the 
FRAD maker to be sure that someone will 
be around to help get you up and running. 

You’ll also need to experiment to find 
out how to automate your dial-in. With 
ordinary DUN, you can just tell NT to 
pop up a terminal window that lets you 
type in your username and password. But 
RRAS doesn’t let you do that.Your ISP has 
to support Password Authentication 
Protocol (PAP) or Challenge Handshake 
Authentication Protocol (CHAP), or you’ll 
need to write a login script. Now is the 
time to get the bugs out of this procedure, 
before you start worrying about routing. 


My ISP supported PAP, so authentication 
wasn’t a problem. 

Once you figure out all that ISP con¬ 
figuration stuff, write it down and keep the 
information in a safe place. Now you’re 
ready to route. 

If you’ve tried to make an NT Server 
act as a LAN and WAN IP router, you 
know that at this point, you must typically 
make a handful of Registry changes and 
reboot. But with RRAS, this stage is easy 
downstream swimming. 

RRAS has an administrative tool 
called Routing and RAS Administrator; 
you’ll find it in the Administrative Tools 
group. In my example, Steelhead doesn’t 
yet know about the dial-in connection, so 
you’ll see a screen similar to Screen 1, 
showing only the Ethernet connection. 
Steelhead doesn’t know about the 
modem, so I had to build the WAN link. 
I right-clicked the Ethernet interface to 
get the Add Interface option. That action 
kicked off the Demand Dial Interface 
Wizard, which looks a lot like the wizard 
that helps create new phone book entries. 
A couple of clicks in, I found Screen 2, 
which tells Steelhead that I’m using this 
modem as a dial-up IP router. The next 
few screens are similar to ordinary New 
Phonebook Entry wizard screens.The last 
screen let me set filters, which I’ll get back 
to in a moment. Routing and RAS 
Admin then looked like Screen 3; note 
the new interface, Clark Net. The Clark 
Net line type is demand-dial, meaning 
that the interface senses when you need 
it. In my example, I haven’t tried to route 
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■ Screen 1: 

Viewing the network configuration from the 
Routing and RAS Admin window 


through it yet, so it’s disconnected. 

You must take one more step before 
routing. The router knows that an Ethernet 
interface and a demand-dial interface exist, 
but it doesn’t know anything about the 
demand-dial interface — what IP addresses 
the router can access through this dial-up 
interface. RRAS needs a static route to get 
to the Internet. To add a static route, I 
clicked the plus sign next to IP Routing 
and right-clicked the Static Routes line. 
That step gave me an Add Static Route 
option, and I saw the dialogue box in 
Screen 4. 

I filled in the values; the first two are 
trivial because this connection will be a 
gateway to the Internet, and the Internet’s 
network address is 0.0.0.0 and subnet mask 
is O.O.O.O. I also had to fill in a gateway 
address, the one an ISP assigns to you when 
you dial in .Your router must have the same 
dial-in IP address as the gateway address, as 
near as I can tell. When you get a CIDR 
block or C network from your ISP, make 
sure the ISP always assigns the same address 
when you dial in. I filled in the metric of 
2, because my connection has a hop across 
the router to get to the Internet; If you set 
the metric to 1, you might not be able to 
route within your local network. The 
Interface lets me associate this route with 
my dial-up connection, the Clark Net 
interface. 

Next, you need to wake up the 
demand-dial connection. I went to a PC 
on my network and tried to ping a loca¬ 
tion such as www.microsoft.com. Now 
the cool stuff happens. From across the 


■ Screen 2: 
Configuring the 
dial-up IP router 

■ Screen 3: 
Viewing Routing 
and RAS Admin 
with the Clark Net 
connection 



Ethernet, my NT Server router got the 
clue that it needed to dial up, and did. At 
this point, I was live on the Net using an 
NT Server as a router. The connection 
takes a couple of minutes to get set up, so 
your first few pings might fail. I usually set 
a big timeout, like 

ping www.microsoft.com -w 10000 

How does it Rate? 

Other than the two pitfalls I’ve mentioned 
so far — you must end up with the same IP 
address all the time on the demand-dial 
interface, and you need to use either 
PAP/CHAP or an authentication script - 
how does the rest of RRAS work? For the 
application I explored here, I give 
Steelhead a grade of C; sometimes it 
seemed more like a croaker. The modem 
connection sometimes dropped for no 
apparent reason in the middle of transfer¬ 
ring data. Steelhead, my ISP, or perhaps fine 
noise was at fault. Other times, the con¬ 
nection stayed up, but the Steelhead router 
stopped responding to external pings. I 
attempted to send the four screenshot 
bitmaps that you see in this article over the 
connection as attachments to a mail mes¬ 



sage. But the connection never stayed up 
long enough to perform the operation, and 
I had to SneakerNet the files over in the 
end. The router was sometimes smart 
enough to reconnect, but not always. 
Sometimes the connection dropped - the 
off-hook light on the modem turned off - 
but the Routing and RAS Admin program 
showed the connection still up. Other 
times, I had to drop the connection manu¬ 
ally and force it to reset before I could get 
packets to route correctly. 

All in all, Steelhead wasn’t as hands-off 
as I’d like. But it 
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Registry parameters. And my old method 
of making NT act as a LAN/WAN router 
wasn’t kosher in the eyes of Microsoft tech 
support, which meant that if you couldn’t 
make it work, you were high and dry. 
Presumably that lack of support won’t be 
true with RRAS. 

I’d like to see a throughput measure 
built into the tool, but Perfmon’s RAS 
counters let you watch those statistics. And 
the user interface is a bit clumsy. For exam¬ 
ple, 1 had to fumble around just to dump 
the IP routing table from the GUI, 
although the familiar route print command 
works just as well as it ever did. And best of 
all for us stodgy old command-line types: 
From the command line, you can use 
routemon to do everything that you can 
do from the GUI. 

To answer whether the problem was the 
router or the ISP, I re-implemented the C 
network connection to the ISP with a 
dedicated router, the Micro Router 900i 
(MR900i), from Compatible Systems. The 
MR900i is reasonably priced (about $1400 
discounted) and comes with an Ethernet 
connection and a serial port, a nice basic 
LAN-to-WAN router. It does not do 
Open Shortest Path First (OSPF) or port 
filtering (or at least the one I own doesn’t; 
Compatible Systems’ Web site shows that 
later models do), but you can do single-seat 
management of multiple Compatible 
routers through a Windows program that 
comes with the router. Rebuilding the net¬ 
work with the Compatible router was a 
snap - no hitches - and the PCs on the 
network were able to access the Internet 
for big and small jobs without trouble.This 
result suggests that the instability lay in the 
Steelhead software. 

What RRAS offers 

Well, suppose you’re concerned about 
security in your intranet. In that case, 
RRAS is quite a catch. Virtual Private 
Networks (VPNs) offer one approach to 
Internet security. They let you use the 
Internet as a big, private LAN. PPTP lets 
you do that trick, but for the best PPTP 
security, the router machine must also be 
the PPTP server. RRAS’s higher perfor¬ 
mance means that you can use an NT 
machine as your LAN/WAN router even 



on a T1 connection, and that machine 
can also act as a PPTP server. 

Or you might choose to open your 
network to the Internet but protect the 
network from people using NetBIOS 
over TCP (NBT) to penetrate your 
network. In that case, filter TCP and 
UDP ports 135 through 139. Under IP 
Routing/ Summary, right-click the 
WAN link and choose IP 
Configuration to get a dialogue box that 
lets you filter particular ports from particu¬ 
lar locations. With such precise control, you 
can, for example, filter out port 25 from a 
particular IP address, denying that address 
the ability to send Internet mail to mail 
servers inside your network. 

As the network gets bigger, walking 
around to all the NT Server machines to 
administer the machines acting as routers 
will become tiresome. But the Routing 
and RAS Admin tool can control any 
Steelhead router from one location. Large 
networks can’t handle the chatty nature of 
the Routing Information Protocol (RIP), 
so you’ll welcome RRAS’s OSPF protocol 
support. Both RIP and OSPF are dynamic 
routing algorithms that discover routes 
through your network rather than requir¬ 
ing static routing. 



■ Screen 4: 

Adding a static route for Internet access 

Routing and Remote Access Service 

Contact: Microsoft. 02 9870 2100 
Web: http://www.microsoft.com/ntserver/info/ 
routing&ras.htm 

Micro Router 900i 

Contact: Compatible Systems 
Distributed by: Lidcam Technologies. 

(03) 9820 9077 (02) 9922 7066 
Web: http://www.compatible.com 


What do you Need? 

RRAS takes NT’s routing capabilities and 
moves them forward considerably. First, it 
runs faster than the built-in IP routing 
software and might now be good enough 
to replace dedicated routers. Second, sin¬ 
gle-seat management makes RRAS more 
practical to manage. Third, taking NT’s 
LAN/WAN routing capabilities out of the 
closet and making them officially support- 



( ABOUT THE AUTHOR ) 


Mark Minasi is a contributing editor for Windows 
NT Magazine, an MCSE, and the author of 
Mastering Windows NT Server 4.0 from Sybex. He 
teaches seminars on enterprise NT networking 
for TechTeach International, based in Virginia, 
USA. You can reach him atmark@mmco.com. 



ed tools is incredibly significant not only 
for Internet users but also for ISPs who 
want to move from a UNIX-based net¬ 
work to an NT-based network. Add the 
PPTP and packet filtering capabilities, and 
RRAS is a neat tool. 

That said, I must warn that prospective 
RRAS users must experiment with their 
IP environments to see whether RRAS 
does what they need. My experience with 
my ISP and the test C network would not 
have been sufficiently reliable to leave my 
intranet in the hands of MPR. If you use 
the network constantly, stay with the com¬ 
patible route. In fairness, remember I did 
those tests with 
beta software. 

Try out the 
release ver¬ 
sion and see 
whether 

good 
catch or 
you’ll 
want to 
just 

back. □ 
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a n June, Microsoft launched a new version of its 
Multi-Protocol Routing (MPR), Routing and 
Remote Access Service (RRAS), formerly code- 
named Steelhead. Compared with the earlier ver¬ 
sion of MPR, a built-in service in Windows NT Server 
4.0, RRAS has a rich set of routing and internetworking 
features that enable NT servers to route data over IP and 
IPX LANs and WANs. Some new MPR features in 
RRAS are Routing Information Protocol (RIP) 2.0 for 
IP, Open Shortest Path First (OSPF), IP and IPX packet 
filtering, and a dial-up router. Probably the most signifi¬ 
cant feature of RRAS is OSPF, a recommended routing 
protocol for TCP/IP networks. OSPF provides more effi¬ 


cient network convergence of routing information and 
less-and better-use of network bandwidth than tradition¬ 
al RIP. OSPF, however, is sophisticated and difficult to 
configure and manage in a midsize or large network. To 
design, implement, and manage an OSPF network suc¬ 
cessfully, you need a good understanding of OSPF and its 
rchitecture, and you must know how to configure it. 

ome Routing Basics 

) move from one network to another, a packet needs an 
termediate connecting mechanism known as a router. 

:r has a routing table, which specifies the next 
etwork for the packet en route to a specific 
When a router receives a packet, it checks its 
table for the packet’s destination address to deter¬ 
mine which attached router or network to send the pack¬ 
et to. Through this procedure, routers deliver a packet 
from a source to a destination. 

Routers use two methods to generate and maintain 
routing: static routing and dynamic routing. In static rout¬ 
ing, you manually create a routing table. This method 
works for a small, stable network, but not for a large net¬ 
work. If the network changes (e.g., if you add or remove 
a router or a link fails) you must manually modify the 
routing table, which is an administrative burden. In 
dynamic routing, a router maintains its routing table 
through a routing protocol. A routing protocol defines the 
way in which a group of routers exchanges routing infor¬ 
mation; a router chooses the best routing paths or routes 
to destination networks. 

A group of routers and networks under the same 
administration using a common routing protocol is an 
autonomous system (AS). The size of a network in an AS 
is not limited; an AS can be a small LAN with one router 
or a large network with hundreds of routers. A routing 
protocol used within an AS is an interior routing protocol 
(IRP), such as RIP and OSPF. A routing protocol for ASs 
to exchange routing information is an exterior routing 
protocol (ERP), such as exterior gateway protocol (EGP) 
and border gateway protocol (BGP). 

A network interface in a router is attached to a net¬ 
work segment or link so that the router can communicate 
with its neighbouring routers. A network interface has a 
cost, which reflects the bandwidth, length, and priority of 
the attached link, and reachable neighbouring routers. A 
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routing protocol uses the cost to find the best routes. 

Advantages of OSPF 

An AS has two kinds of IRP: distance-vector and link- 
state. A distance-vector routing protocol exemplifies a 
shortest-path algorithm; that is, it uses the total number of 
hops between a source and a destination as the cost vari¬ 
able in finding the best route. To continuously update 
their routing tables, routers using a distance-vector rout¬ 
ing protocol exchange information in terms of distances 
from sources to destinations. 

A link-state routing protocol, based on a link-state (or 
shortest-path-first) algorithm, works in a different way. 
Instead of exchanging distance information, routers 
exchange link states, or information about the router’s 
network interfaces. A router maintains a link-state data¬ 
base, which is a map of the network. The router uses the 
link-state database to derive the network topology and 
establish a routing table. A router using a link-state rout¬ 
ing protocol can compute a more accurate route than one 
using a distance-vector routing protocol. This process is 
like reading a detailed map to find the best route from one 
city to another. 

RIP is the most widely used distance-vector routing 
protocol. In an RIP network, each router broadcasts its 
routing table to neighbouring routers every 30 seconds. 
When a router receives a neighbouring router’s routing 
table, it updates its routing table and sends the updated 
table to neighbouring routers. This procedure is repeated 
until all routers in the network have updated their rout¬ 
ing tables and achieved network convergence. 

RIP is simple but limited.You can easily implement an 
RIP network by enabling RIP on each router. However, 
RIP is not good for large networks or WANs. 
Broadcasting large routing tables in the network every 30 
seconds consumes network bandwidth quickly. RIP also 
limits a network to a maximum of 15 hops. 

In comparison, the OSPF link-state routing protocol 
is powerful but complex. In an OSPF network, routers 
don’t exchange routing information until a change occurs 
in the network. When a router detects a network change, 
it immediately sends its changed link state (instead of an 
entire routing table) to its neighbouring routers. The 
neighbouring routers then forward their updated link- 
state information to their neighbouring routers. Because 
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routers propagate the updated information immediately, 
they achieve network convergence more quickly in 
OSPF than in RIP. OSPF uses network bandwidth more 
efficiently than RIP because it multicasts only the 
changed part of the fink-state database. 

OSPF doesn’t limit the number of hops. OSPF bal¬ 
ances the network load better than RIP by using the 
actual cost of the link instead of the number of hops. 
OSPF also supports other important routing features, such 
as authentication, variable-length subnet masks (VLSMs), 
and route summarisation. 

OSPF is good for midsize and large networks because 
of its efficient network convergence and better use of net¬ 
works. In fact, the Internet Architecture Board (IAB), an 
organisation overseeing Internet development, recom¬ 
mends OSPF as a replacement for RIP in TCP/ 
IP networks. However, an OSPF network is complex and 
not easily configured, especially when it contains mul¬ 
tiple areas in an AS. 

Welcome to OSPF Areas 

As I described previously, when a change occurs in a net¬ 
work, an OSPF router sends its affected link state to its 
neighbouring routers, and the neighbours send their 
updated link state to their neighbours. Link-state updates 
flood all routers in the network until the network achieves 
convergence. This flood of updates degrades network per¬ 
formance. To resolve this problem, you can divide an 
OSPF AS into several contiguous areas. Each area has a 
boundary to limit flooding within the area. Routers in the 
area contain the same link-state database, which reflects 
the topology of only that area. The routers don’t need to 
know exact topologies of external areas; the routers view 
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an external area as one node in the net¬ 
work. Using multiple areas in the network 
reduces the size of the link-state database in 
each area and therefore reduces the memo¬ 
ry requirement and time needed to com¬ 
pute the best routes. Figure 1 shows a sim¬ 
plified OSPF network divided into four 
areas. 

Each area has a unique ID number. A 
four-dotted decimal number similar to an 
IP address usually represents a 32-bit area 
ID. For instance, the four areas in Figure 1 
are 0.0.0.0,0.0.0.1,0.0.0.2, and O.O.O.3. 

Divide the Network into Areas 

An OSPF network must have at least one 
area. If the network contains more than 
40 routers, divide the network into multi¬ 
ple areas for better performance. If the net¬ 
work has more than one area, the network 
must have a backbone area with ID 
0.0.0.0, A backbone area is the centre of 
the network. All areas must report their 
routing information to the backbone, 
which distributes the information to all 
other areas. 

A router sitting on the border of two or 
more areas is an area border router (ABR), 
which exchanges routing information 
between areas. For example, Router 1 in 
Figure 1 is an ABR. It has interface 

120.10.8.1 in area 0.0.0.0 and interface 

192.10.20.1 in area 0.0.0.1; the ABR 
router connects the two areas. 

When an area connects direcdy to the 
backbone, it exchanges routing informa¬ 
tion with the backbone via an ABR. For 
instance, in Figure 1, the area 0.0.0.1 com¬ 
municates with the backbone via Router 1. 
When an area does not direcdy connect to 
the backbone, the area exchanges routing 
information with the backbone indirecdy 
via intermediate areas. For instance, in 
Figure 1, area 0.0.0.2 communicates with 
the backbone via the intermediate 
area 0.0.0.1. OSPF, refers to this intermedi¬ 
ate area as a transit area. 

For indirect connections, you have to 
establish a virtual link between the area and 
the backbone. In the example in Figure 1, 
to set up the virtual link between the area 
0.0.0.2 and the backbone, you configure 
Router 6 to use transit area 0.0.0.1 to 
reach the backbone 0.0.0.0, and you con¬ 




figure Router 1 
to use the transit 
area 0.0.0.1 
reach area O.O.O.2. 

In OSPF, Micro¬ 
soft refers to a vir¬ 
tual link as a vir¬ 
tual interface. 

Use Area 
Routers 

A router falls into 
one of three cate¬ 
gories: ABR, 

internal router 
(IR), or AS bor¬ 
der router 

(ASBR). Each 
type of router has 
a different func¬ 
tion. An ABR has 
its interfaces in 
different areas and handles interarea com¬ 
munications. To reduce the amount of 
information sent, the ABR sends only the 
summarised routing information (route 
summarisation or route summary) instead 
of individual routes. A route summary of 
an area is the network range that the area 
covers. For example, if area 0.0.0.0 in 
Figure 1 contains 8 subnets with IP 
addresses 120.10.8.0, 120.10.9.0, and so 
forth, using subnet mask 255.255.255.0, 
the route summary is IP address 
120.10.8.0; and the route summary subnet 
mask is 255.255.248.0. The route summa¬ 
ry subnet mask differs from the subnet map 
used in a regular IP address. Subnet mask 
255.255.255.0 means that the first three- 
dotted decimal numbers of an IP address 
are used as an IP network address. The 
route summary subnet mask 
255.255.248.0 means that the IP addresses 
in the route summary range from the fixed 
first 21 bits of IP address 120.10.8.0 fol¬ 
lowed by the changeable last 11 bits. 
Therefore, this route summary covers the 
subnets from 120.10.8.0 through 
120.10.15.0. 

An IR is a router that has all its interfaces 
in one area and handles intra-area routing. 
In Figure 1, routers 4,5,7,8, and 9 are IRs. 
An ASBR is a router that acts as a gateway 
between two OSPF ASs or between an 


OSPF AS and a different routing protocol, 
such as RIP. When the ASBR exchanges 
routing information with an external net¬ 
work, the routes it receives are external 
routes. Router 3 in Figure 1 is an ASBR. 

Use Stub Areas 

You can import many external routes into 
an OSPF AS via an ASBR. To block exter¬ 
nal routes from flooding into an area, you 
can use a stub area. A stub area applies 
default route 0.0.0.0 to keep the topology 
database size small. In OSPF, you can 
assume that any destination that can’t reach 
through an intra-area or interarea route is 
reachable through the default route. 

To implement a stub area, one or more 
of the stub area’s ABRs must advertise 
default route 0.0.0.0 to the stub area, in 
addition to the route summary. For exam¬ 
ple, in Figure 1, if area 0.0.0.3 is a stub area, 
you must configure Router 2 to advertise 
the default route to the area 0.0.0.3.When 
a packet in area 0.0.0.3 must travel to an 
external network, it goes to area 0.0.0.0 
using the default route first; then area 
0.0.0.0 forwards the packet to the destina¬ 
tion via an external route. 

Stub areas are useful when your OSPF 
network is connected to an external net¬ 
work, but they have restrictions. The back¬ 
bone area, a transit area, and an area having 
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an ASBR can’t be stub areas. For example, 
in Figure 1, area 0.0.0.0 can’t be a stub area 
because it is a backbone and area 0.0.0.1 
can’t be a stub area because it is a transit 
area. If area 0.0.0.3 is a stub area, you must 
configure routers 2,8, and 9 as stub routers. 

A stub area accepts the default route 
and route summary, but not external 
routes. An extension to a stub area is a 
totally stubby area, or a stub area without a 
summary.The extension accepts the default 
route but not route summary and external 
routes.The router uses the default route for 
any destination that is not reachable 
through an intra-area route in a totally 
stubby area. Microsoft OSPF supports this 
extension. 

Classify Networks 

The three kinds of networks are broadcast, 
point-to-point, and nonbroadcast multiac¬ 
cess (NBMA). A broadcast network is a 
network in which a host can send a pack¬ 
et to any other host, all other hosts, or a 
group of hosts. Ethernet, Token Ring, and 
Fiber Distributed Data Interface (FDDI) 
are broadcast networks. A point-to-point 
network is generally a point-to-point ser¬ 
ial line, such as a leased line of56Kbps,Tl, 
or T3. An NBMA network, such as asyn¬ 
chronous transfer mode (ATM), frame 
relay, or X.25, is a cloud in which perma¬ 
nent virtual circuits (PVCs) or switched 
virtual circuits (SVCs) form a physical 
topology but lack broadcast capabilities 
that OSPF requires. You must configure 
routers in a nonbroadcast network to 
know each other so that they can 
exchange OSPF packets. For example, if 
the link between routers 2 and 8 is a frame 
relay PVC, you configure Router 2 to 
reach Router 8 via interface 195.10.20.8, 
and you configure Router 8 to reach 
Router 2 via interface 195.10.20.2. 

Secure OSPF 

OSPF supports authentication to secure 
the exchange of routing information. To 
use authentication, you must configure all 
interfaces in the same area with the same 
password. A simple authentication uses a 
clear-text password, so someone with a 
network analyser, such as a sniffer, can get 
the password off the wire. Some router 



vendors offer 
cryptographic 
authentication 
in addition to 
simple authen¬ 
tication. For 
example, a 
Cisco router 
supports mes¬ 
sage-digest 
authentication. 

This type of 
authentication 
uses an algo¬ 
rithm based on 
an OSPF pack¬ 
et, an assigned 
key, and a key 
ID to generate 
a message 
digest that the 
router appends 

to the packet for good security. Microsoft 
OSPF, however, supports only simple 
authentication. 

Hello to Neighbouring Routers 

Routers can be neighbouring routers 
when they are in the same area, are con¬ 
nected to the same network segment, and 
use the same password for authentication. 
A router periodically sends a hello packet 
to its neighbours to check whether they 
are still alive in the network and their links 
are still active. When the neighbours 
receive the hello message, they acknowl¬ 
edge their existence to the router on the 
segment. If the router doesn’t receive an 
acknowledgment from a neighbouring 
router in a certain amount of time, it 
assumes that the neighbouring router is 
dead or unreachable. Consequently, the 
link-state database changes. The frequency 
with which a router sends a hello packet is 
a hello interval. The time that a router waits 
for an acknowledgment from a neighbour¬ 
ing router before it declares the neighbour 
dead is a dead interval. Neighbouring 
routers must have the same intervals. By 
default, the hello interval is 10 seconds, and 
the dead interval is 40 seconds. Microsoft 
OSPF uses these defaults. 

A router in a broadcast network sends 
the hello packet to the segment by multi¬ 


casting; that is, it sends one hello packet to 
a group of neighbours. A router in a non¬ 
broadcast network sends the hello packet to 
neighbours by unicasting; that is, it sends a 
separate hello packet to each neighbour, at 
a less-frequent poll interval. The poll inter¬ 
val is 120 seconds by default. Microsoft 
OSPF uses this default, too. 

Elect Designated Routers 

When the network topology changes, 
neighbouring routers start to exchange 
routing information until their link-state 
databases become the same. If n routers are 
in a segment, n x(n-l)/2 pairs of routers 
will exchange routing information. For 
example, Figure 1 
shows 4 routers 
the subnet A 
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amount of routing information exchanged, 
when the routers are powered on, OSPF 
elects a designated router (DR) on every 
segment except point-to-point segments. 
All other routers in the same segment 
establish an adjacency with the designated 
router, exchange routing information, and 
synchronise the link-state database with 
the DR. If n routers are in a segment, only 
n -1 adjacencies or n -1 pairs of routers par¬ 
ticipate in routing information exchange. 
So, 4 routers require only 3 adjacencies. In 
terms of efficiency, using a DR reduces the 
amount of routing information exchanged 
from order (ran) to order (n). Routing 
information exchange between the DR 
and other routers uses multicasting in a 
broadcast network but unicasting in a non¬ 
broadcast network. 

Each interface in a router has a priority. 
The priority can range from 0 (the lowest 
priority) to 255 (the highest priority); the 
default priority is 1. The network uses 
router priorities included in hello packets 
to elect a DR; the router with the highest 
priority is the DR. If two or more routers 
have the same priority, the router with the 
highest router ID will win the election. A 
router with priority 0 doesn’t participate in 
the election. Therefore, if you want a router 
to be a DR, you can simply assign the 
highest priority to it. 

For redundancy, OSPF uses the same 
criteria to elect a backup designated router 
(BDR). When the DR fails, the BDR 
becomes the new DR and OSPF elects a 
new BDR. 

Configure Microsoft OSPF 

Familiarity with how OSPF works makes 
configuring a Microsoft OSPF router 
straightforward. Microsoft provides an 
intuitive administrative tool for router con¬ 
figuration. You can also install this tool on 
an NT Workstation to manage routers 
remotely. 

The following steps explain how to 
configure a Microsoft OSPF router. You 
can use the flowchart shown in Figure 2, as 
a quick guide. 

1. Prepare an NT server. You need an 
Intel- or Alpha-based server with NT 
Server 4.0 (with Service Pack 3 or later). 

2. Install NICS. Make sure that your 



NICs are in the NT 4.0 Hardware 
Compatibility List (see http://www. micro 
soft.com/hwtest). Install NICs from the 
Network applet of Control Panel. You 
install WAN cards in the same way that you 
install a LAN card. Assign an IP address to 
each interface. OSPF supports VLSM, so 
you can use different subnet masks in your 
network. 

3. Install RRAS. You can download 
RRAS from http://www.microsoft.com/ 
ntserver/info/routing&ras.htm. Microsoft 
offers three options (RAS, routing, and 
demand-dial); you must install at least the 
routing option to get the OSPF function. 

4. Enable OSPF. Add OSPF to IP rout¬ 
ing, and add each NIC to OSPF. 

5. Configure OSPF for the router. 
Screen 1 shows the initial interface you use 
to define a router’s properties and its areas. 

6. Further configure OSPF for the 
router. After you have defined the basic 
properties of the router, including a router 
ID and the areas that the router belongs to, 
you must configure OSPF further for the 
router and its interfaces. A router can be an 
IR, an ABR, or an ASBR. If the router is 
an IR and is in a stub area, you need to 
enable Stub area from the Areas tab. If the 
router is an ABR, you need to configure a 
route summary (the network range) for 
each area that the ABR belongs to. If 
the router is an ABR in a stub area, 
you need to enable Stub area for the stub 
area from the Areas tab. You also need to 
enable Import summary advertisements if the 
area is an ordinary stub area, and disable 
Import summary advertisement if the area is a 
totally stubby area. 

If the ABR is on a virtual link, you need 
to set up the ABR’s virtual interface by 
linking it to the other end via a transit area. 
If the router is an ASBR, you need to 
choose which routing protocols the ASBR 
will talk to.You can use RIP or static rout¬ 
ing in the ASBR to communicate with an 
external network. You can even define 
which external routes the ASBR will 
accept. 

7. Configure OSPF for each interface. 

You need to configure OSPF for the prop¬ 
erties of each interface in the router. The 
properties include the area that the inter¬ 
face belongs to, the priority for DR elec- 



■ Screen 1: 

Beginning to configure a router in OSPF 

tion, the cost based on the bandwidth, the 
password for authentication, and the net¬ 
work type that the interface is attached to. 
If the network type is NBMA, you must 
define NBMA routing to reach neigh¬ 
bouring routers. You can change the 
defaults of hello, dead, and poll intervals; 
but if you do, make sure these intervals are 
the same in all neighbouring routers. 

Good Opportunities 

Microsoft aims to offer its customers a 
midrange router with packet-forwarding 
rates greater than 40,000 packets per sec¬ 
ond in regular use. Whether Microsoft’s 
new RRAS can survive in or win today’s 
highly competitive router market is ques¬ 
tionable because Microsoft is still working 
on supporting quality of service, IP multi¬ 
cast routing protocols, and BGPs. RRAS, 
however, is tightly integrated into the NT 
Server operating system. Using RRAS in 
an NT network can reduce the cost of 
ownership because all NT services are in 
one box. RRAS offers a good cost-saving 
opportunity for companies that want to 
roll out NT to remote or branch offices. □ 
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Managing Director for Dell Australia 


W hen Dell first hit Australia four years ago it 
brought with it a new way of selling PCs. 
Instead of using the channel and resellers, 
which other companies such as Compaq and Digital 
use, Dell adopted the direct selling method. Now the 
number 3 PC company in the world, Dell has 
caused other companies-most notably Compaq-to 
rethink their strategies. 

Yet Gary Elliot, Dell Australia’s managing director, 
doesn’t believe these companies will succeed in moving 
to a direct model. 

“We don’t believe you can mix both an indirect 
channel and a direct channel in the marketplace,” Elliot 
says. “If you drop your price to take advantage of the cost 
savings you may be able to gain from a build-to-order 
direct model, then your reseller in the indirect model 
can’t. On the other hand, if you then raise your prices — 
you lose the main advantage of the direct model.” 

Another problem that he belives these companies will 
face is the time and effort it takes to build up a direct sell¬ 
ing infrastructure. “The direct model is the toughest way 
of doing business - it’s not an easy model to implement,” 
Elliot says. “So any company, as has been proven in the 
past, that has sometimes come in and tried it - have 
almost as quickly gotten out of it again.” 

Yet it’s a model that’s been successful for Dell, allow¬ 
ing it to sell PCs at a lower cost than its channel com¬ 
petitors. “If you’re talking across the industry we would 
typically be about 10% lower,” Elliot says. The reason for 
this is that the direct model doesn’t use middle men who 
take out their own slice of the profits. In fact, Dell’s only 
major price competitor in Australia is Gateway, which is 
also a direct seller. 

“It’s clear that Gateway is a competitor to us in the 
low end SOHO market,” Elliot agrees, although he does¬ 
n’t believe Gateway is as strong in the corporate sector. 
According to him, 70% to 80% of Dell’s sales come 
from corporates. 

Currently the direct market accounts for around 30% 
of all Australian sales, yet Elliot believes this will grow 
larger in time. This is due not only to lower prices, but 
also more flexibility. For one thing, it allows Dell to build 
systems to order for customers. “They’re not buying 
products off the shelf,” Elliot says.“We’re selling what they 
specifically need.” 


For another, it means that Dell only buys stock as 
needed at current market prices. “We turn our inventory 
about 30 times a year,” states Elliot. 

Yet one of the more interesting aspects of direct sell¬ 
ing is its ability to adapt to the Internet better than chan¬ 
nel methods. According to Elliot, Internet sales account 
for a global daily income of $US2-2.5 million a day. 
While loathe to describe current figures for Australia, 
admitting that ‘they’re small at this stage’, Dell claims that 
Internet sales will increase to account for roughly 15% of 
all its local sales by the end of this decade. 

“We see it as a natural extension,” Elliot says. “It 
allows Dell to capitalise on its direct model and its 
global direction.” 

With Dell focussed more on the high end of the 
market, it’s not surprising that Windows NT plays a large 
part in its overall strategy. While Windows NT is shipped 
on roughly 30% of all Dell servers, as compared to a rough 
figure of 65% percent that run Netware, Dell believes the 
tide is turning. 

“There’s a great trend toward NT uptake,” Elliot says. 
“We believe NT is going to be a key part of our product 
offerings in future.” 

Another new direction for Dell is its Managed PC 
strategy. Launched a short time ago in the form of a tool 
that allows desktop PCs to act as dumb terminals, Dell 
is now expanding this to incorporate a new line of 
NetPCs. These should be available within the 
October/November timeframe and cost around $1500 
to $1800 dollars — a price which is far removed from 
the original concept of network devices being ultra 
cheap. This is because Dell’s NetPC will be shipping 
with a hard drive-something which NCs don’t have - 
as well as a minimum processor of a 166MHz MMX 
Pentium chip. 

“We see the NetPC as an open solution, which most 
organisations want,” Elliot says. “In fact, we haven’t met 
an organisation which didn’t want, or want to move 
back into a proprietary environment.” 

Elliot says this statement is backed up by the fact that 
corporations have requested similarly equipped, low end 
desktops in the past and, due to its direct build model, 
Dell “has been building the equivalent to the NetPC for 
some time now.” 

“This is not something which is new to Dell,” Elliot adds. 
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Too many oervero 

spoil network perfomance 


Boost your network performance by disabling 
unnecessary server components and 
taking charge of the browser 


by George Spalding 


a he life of an NT systems administrator is fraught 
with peril. In one location, you have a rapidly 
growing network with about 240 client nodes 
running a combination of Windows NT 4.0 
Workstation, Windows 95, and a few Windows for 
Workgroups (WFW) 3.11 machines (you just haven’t had 
the time to standardise, or maybe you have no choice). 
You also have six NT 4.0 servers with one Primary 
Domain Controller (PDC) and - because you’re paranoid 
- three Backup Domain Controllers (BDCs) for your sin¬ 
gle-domain structure (DOMAIN_MAIN), an Exchange 
server, and a SQL server. The BDCs also function as your 
print servers.The six NT servers contain all network files 
and necessary resources.The company has standardised on 
TCP/IP but has yet to implement routers, so you have 
decided not to implement Windows Internet Name 
Service (WINS) at this time. Because you have a legacy 
NetWare server, you are also running IPX/SPX 
(NWLink).Your users access the NetWare box using NT’s 
Gateway Services for NetWare, and you plan to phase it 
out in the near future. 

You are steadily replacing the old WFW machines 
with new hardware running NT 4.0 Workstation (good 
move). Life used to be good. But over the past few 
months, as you’ve added more nodes to the wire, the sys¬ 
tem has begun to slow down at unpredictable times. And 
to top it all off, every client’s Network Neighborhood 
(Connect Network Drive in the WFW machines) now 
lists most of the 240 nodes and the six NT servers. 

Your customers are complaining about several prob¬ 
lems: 1) general network performance is slower than it 
used to be and getting worse (“Some upgrade!”); 


2) mapping drives is a pain because the NT servers 
the NT clients are all lumped together in the sam 
under DOMAIN_MAIN, and the Win95 and, 
clients are listed in the first screen instead oi being 
grouped in a domain; and 3) every once in a while, for 
no reason, the entire network slows to a crawl for what 
seems like a minute or two, causing timeouts, resends, and 
ticked-off users. You are at a loss because you bought 
high-end hardware and followed all of Microsoft’s default 
installation instructions. Deep inside, you’re certain that if 
you don’t fix this problem soon, management is going to 
suggest that you call a consultant. That possibility is not 
good in your environment: the last consultant they called 
is now the CIO. 

But don’t despair. Some slowdown in network perfor¬ 
mance is a result of the way Microsoft handles network 
browsing. By making some minor changes in the server 
components in your system and disabling the browser, 
you can recoup some of your lost performance. 



Clients and Servers 

To better understand Microsoft’s network browsing, let’s 
look briefly at some of the technology underlying all 
Microsoft operating systems since WFW 3.1. I’m over¬ 
simplifying a bit, but every Microsoft operating system 
contains two major component types that govern net¬ 
work access: a workstation component and a server com¬ 
ponent. These components take the form of services in 
NT, but they exist in Win95 and WFW, too. 

In Win95 and WFW, you can’t separate the workstation 
component from the product. Each of these products 
exists simply to be the OS for standalone boxes or work- 
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stations on a network. However, in both 
NT Workstation and Server, the worksta¬ 
tion component is a separate service that 
you can manage individually through the 
Services applet in Control Panel. The pur¬ 
pose of this service is to provide the client 
portion of a client/server connection — that 
is, to connect to shared folders and shared 
printers in a Microsoft network. 

The server component creates the 
capability for a given machine (running 
WFW, Win95, LanMan, or NT) to func¬ 
tion as a server on the network. Active by 
default, this component lets you share 
directories, folders, and printers so that 
clients running the workstation compo¬ 
nent can connect to the server machine. 
On request, Network Neighborhood or 
Connect Network Drive presents lists of 
every computer (grouped by domain or 
workgroup) that has an active server com¬ 
ponent in the Microsoft network, even if a 
particular computer has nothing shared (no 
folders, no printers). By default, the com¬ 
puter’s Browser service (which runs auto¬ 


matically in all Microsoft OSs) manages the 
creation of this list. 

The Browser 

The NT Browser service is designed to 
give users a dynamically updated list 
of available resources (in Network 
Neighborhood or Connect Network 
Drive).The Browser runs under the covers 
in every Microsoft network. 

A master browser runs the Browser ser¬ 
vice. A master browser is a machine that 
acts as a sort of name service that keeps 
track of all servers that report themselves to 
it; it creates and maintains the browse list. A 
backup browser receives the browse list 
from the master browser and sends it to 
computers that ask for it. 

Every computer with the server com¬ 
ponent active announces itself as it boots 
(technically, as every service starts) to the 
master browser at 1, 2, 4, 8, and then 12 
minute intervals, and then continues to 
announce itself every 12 minutes as long as 
the computer or service is up. The backup 
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for NetWare Networks 




Let's assume you're using Windows for Workgroups, Windows 95, or 
Windows NT Workstation as client machines on a Novell (3.x or 4.x) net¬ 
work and that all your network resources are located on the NetWare 
Servers. If you've installed the Microsoft Client for NetWare Networks, 
you are probably still running Microsoft's server components. Disable 
or remove them as specified in the body of the article. If you have 
installed Novell File and Print Sharing for NetWare Networks on Win95, 
remove it immediately. Microsoft designed this feature to let 
NetWare-only clients see your Win95 machine as a NetWare Server-a 
truly bad idea. Novell's Client32 software (strongly recommended) 
for Win95 prohibits you from installing File and Printer Sharing for 
NetWare Networks. I also strongly recommend Novell's Client32 for 
NT Workstation as a stronger client on a Novell 4.x network, but you 
must still disable Microsoft's Server service and Browser service on 
the NT Workstation. 

On any platform, choose only one IPX frame type (802.2 strongly 
recommended) and bind only that one on all clients and servers. 
(NetWare 3.11 servers are the only ones that require 802.3). Binding only 
one frame type will significantly reduce Microsoft Browser traffic, which 
is protocol dependent. 


browsers also get a fresh copy of the mas¬ 
ter browser list every 12 minutes. (You can 
find out which of your machines is serving 
in what browser capacity with the browser 
monitor utility - Browmon.exe - in the 
Windows NT Server 4.0 Resource Kit.) 
When the user clicks on Network 
Neighborhood, the client software requests 
a current list of resources (any machine 
with the server component running) from 
the backup browser. That list of servers 
shows up in the Network Neighborhood 
(or Connect Network Drive) window. 
When the user double-clicks on a particu¬ 
lar computer, NT sends a request directly 
to that computer to return a list of its 
shared resources. The user then sees a dis¬ 
play of that list. 

Conceptually, the Browser service is 
hierarchical. In DOMAIN_MAIN, for 
example, because the PDC and the BDCs 
are on the same subnet, the PDC becomes 
the domain master browser, and two of the 
BDCs are backup browsers. After you add 
routers to the network, each subnet will 
have a master browser, probably a BDC. 

Master and Backup Browsers 

The system chooses master and backup 
browsers through an election process. This 
election is like playing king of the hill, 
with an assistant king of the hill, and king 
of the sub-hill, with an assistant king of the 
sub-hill. The process runs something like 
this: every time a domain controller boots, 
a browser election takes place. The PDC 
will always win the domain master brows¬ 
er role, and a BDC will always win the 
backup browser role (unless you have a 
BDC on a different subnet from the PDC; 
in that case, one BDC will be the master 
browser on that subnet). Special broadcast 
election packets announce these elections, 
and every machine that has its server com¬ 
ponent settings active participates (the 
server component is turned on in all 
machines by default). 

These domain controller elections 
work fairly well because when computers 
with server components broadcast elec¬ 
tion packets, the packets contain the 
information that the computers are NT 
4.0 servers and domain controllers, and 
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■ Sere 

Accessing the server 
component in an NT 
machine 




■ Screen 3: 

Accessing File and printer sharing to 
disable the server components in WFW 


NT server domain controllers are always 
king of the hill. The problem with this 
arrangement occurs when an ordinary 
client - let’s say a WFW machine - 
requests a browse list from the Browser 
service and doesn’t get a timely answer. 
The WFW client then 
calls an election and 
sends out a broadcast 
election packet pro¬ 
claiming to one and all, 

“I am the master 
browser unless someone more powerful 
than me responds.” Because every 
machine on the network is more power¬ 
ful than the WFW client, this announce¬ 
ment forces every machine (with active 
server component settings) to respond. In 
many networks, hundreds of machines 
might send election packet responses to 
knock this guy off. After 
several seconds of the election broadcast 
storm, the winners are decided, and 
(surprise!) they are the NT servers again. 

A flaw in Win95 causes endless 
Network Neighborhood confusion on 
that platform.This anomaly tells Win95 to 
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maintain a browse list even if it loses the 
election. Because each Win95 machine 
maintains a browse list and because each 
Win95 machine is a workstation and you 
can turn it on and off at any time, its role 
in the browser process can change at a 


moment’s notice. One minute it’s the 
backup browser; the next minute, it’s 
turned off and a new election occurs. 
Another Win95 machine with a different 
browse list becomes the backup browser 
and responds to requests, and on and on. 
(Have you ever wondered why you 
received different browse lists in the 
Win95 Network Neighborhood at differ¬ 
ent times, even though you knew that all 
the machines that you couldn’t see on the 
list were up and running?) 

The chronology of Microsoft’s prod¬ 
uct releases greatly influences the election 
process: WFW 3.11 in 1993, NT 3.5 in 


1994, Win95 and NT 3.51 in 1995, and 
NT 4.0 in 1996. During an election, 
when a WFW machine announces that it’s 
WFW, an NT 3.51 server knows about 
WFW and therefore wins an election 
against it. When Win95 was released, 
however, NT 3.51 
servers were unaware of 
the existence ofWin95; 
therefore, Win95 tells 
its election packet that 
it’s really WFW, and the 
NT 3.51 server wins its election. Now we 
have NT 4.0, which knows about every¬ 
body, but Win95 is still maintaining its 
own browse lists (you might call it a rogue 
browser). 

Here’s the scary part: everything I’ve 
told you about the browser is protocol 
dependent: if you are running two proto¬ 
cols (e.g., TCP/IP and IPX), you have 
two browser elections occurring and two 
sets of master browsers and two browse 
lists, and so forth. And in most NetWare 
environments, administrators have 
enabled both the 802.2 and the 802.3 
LAN frames to cover their hind quarters. 
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We opted for an Exchange-only solution 
that met the customers requirements and 
reduced administrative effort. 













































In this environment, you get three brows¬ 
er elections (one for TCP/IP, one for 
IPX/802.2, and one for IPX/802.3) 
and sets of three master browsers and 
three browse lists. (See the sidebar 
“Modifications for NetWare Networks,” 
for Novell solutions.) 

The current browser election process 
is, quite frankly, a mess. More politely, the 
entire concept of browsing, as Microsoft 
has implemented it, does not scale well in 
a corporate environment. Microsoft esti¬ 
mates that computer browser traffic is 31 
percent of total client initialisation traffic, 
31 percent of the total client-to-server traf¬ 
fic, and a whopping 51 percent of the total 
server-to-server traffic. (And remember, by 
default, every machine is a server.) Because 
Microsoft has recognised that browsing 
creates an unacceptable amount of net¬ 
work traffic for all but the smallest net¬ 
works, the company has implemented 
WINS - it helps a little, but also needs 
tweaking. Next year, Microsoft will incor¬ 
porate a more robust Domain Name 
System (DNS) in NT 5.0 and eliminate 
browsing. Although these improvements 
are a welcome relief, they don’t attack the 
root of the problem: all these client 
machines are running the server compo¬ 
nent when they aren’t servers. 

Solving the Problem 

The solution to the performance problem 
that browsing creates is to turn off the 
server component on every machine that is 
not performing the server function. To 
turn off the server component in NT 
Workstation, from Control Panel, select 
Services, and highlight Server, as you see in 
Screen 1. Click Startup and then Disabled, 
as Screen 2 shows. Click OK, then Close, 
then reboot. 

On any NT box that is not functioning 
as a server, you must also disable the 
Computer Browser service. From Control 
Panel, Services, select Computer Browser, 
Startup, Disabled. If you don’t disable the 
Computer Browser, you will receive error 
messages on bootup. But don’t disable the 
Server service or the Browser service on 
the real NT servers in your network. These 
NT servers are supposed to have the serv¬ 
er component active and announce them¬ 



selves to the world and share their stuff. 

In Win95, go to Control Panel, 
Network. Highlight File and printer shar¬ 
ing for Microsoft Networks, as you see in 
Screen 3. Click Remove. 

In WFW, use Notepad or Sysedit to add 
the following entry to the SYSTEM.INI: 

SYSTEM.INI 

[Network] 

NoSharingControl=1 

This command disables the server com¬ 
ponents; the user can’t turn them back on 
without editing the SYSTEM.INI. 

After you’ve disabled the server com¬ 
ponents, these client machines won’t 
announce themselves to the computer 
Browser service, nor will they participate 
in any browser elections, thus eliminating a 
sizable portion of the total network traffic. 
In addition to disabling the server compo¬ 
nents, don’t forget to trim additional net¬ 
work traffic by eliminating unnecessary 
network protocols wherever possible. This 
action will reduce browser-related traffic 

Pros and Cons 

By disabling the server components on 
nonserver machines of all types, you can 
reduce network traffic by 30 percent to 40 
percent, increase overall network perfor¬ 
mance dramatically, and clean up the 
Network Neighborhood display in Win95 
clients. The disadvantages of disabling the 
Server components are that NT users can’t 
use Network Neighborhood to browse the 
network; instead, Administrators (not users) 
must map drive letters to shares via logon 
scripts, NET USE, or persistent connec¬ 
tions. In addition, the Administrative shares 
(C$, D$, E$, ADMINS) become unavail¬ 
able for remote administration. 

Best of Both Worlds 

Some situations require the server compo¬ 
nents to remain active, such as when indi¬ 
vidual users have a shared printer or shared 
team or project folders on their hard drive. 
An NT Workstation user may also want the 
ability to browse network resources and 
choose them at will. In those cases, you can 
make one beneficial change to every 
machine that must run the server compo¬ 


nent but that you don’t want to participate 
in browser elections and that you never 
want to be the master or backup browser. 

By editing the Registry, you can pre¬ 
vent each machine from becoming a mas¬ 
ter browser and from participating in 
browser elections. At the same time, you 
still let them function as servers and place 
themselves (and their respective shares) on 
the list of available resources. NT 
Workstations also will be able to browse the 
network using Network Neighborhood. 

In NT (Workstation or Server), edit the 
Registry.In HKEY_LOCAL_MACHINE 
\System\CurrentControlSet\Services\ 
BrowserXParameters change the value of 
the REG_SZ entry in MaintainServer 
List to No. 

To make the same change in Win95, go 
to Control Panel, Network, as Screen 3 
shows. Highlight File and printer sharing 
for Microsoft Networks, click Properties, 
and set the value for Browse Master to 
Disabled. In WFW, comment out or 
remove the previously described entry that 
disabled the browser, and add the following 
entry to the SYSTEM.INI: 

SYSTEM.INI 

[Network] 

MaintainServerList=No 

Server components and browsing have 
always been an integral part of Microsoft 
networking. This arrangement has worked 
well in the past for small networks. But as 
Microsoft and NT push toward larger 
enterprise networks, browsing and the 
electoral process have to go. NT 5.0 elim¬ 
inates the concept of browsing. Until then, 
users have no choice but to carefully tweak 
their NT 4.0 and NT 3.51 networks to 
make them fly. □ 
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Virus protection these days is a must. There are 
now thousands of computer viruses and more 
appear constantly. Viruses have the potential to 
down your systems, cause you loss in productivity 
and worst of all, destroy all the data on the system. 
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J [ || sing Remote Access Service (RAS), you can eas- 

ily set up a Windows NT Server 4.0 system to 
IB act as a gateway between remote systems and 
your LAN-based hosts (e.g., UNIX systems, 
IBM mainframes, IBM AS/400s, Digital Equipment VAXs). In 
this environment, remote systems can dial in to the RAS server 
and then directly access a host usingTCP/IP-based services such 
as Telnet or FTP. Similarly, if you have a conventional SNA 
environment attached to your LAN, you can also use RAS to 
accommodate access to IBM mainframes and AS/400s via 
SNA Server. 

You can use a wide variety of remote systems to access a host 
via a RAS server, but I’ll focus on these three remote system con¬ 
figurations: a Macintosh system using TCP/IP to access a UNIX 
host, a Windows 3.x system using TCP/IP to access a UNIX 
host, and a Windows 3.x system using SNA Server to access an 
IBM host. (The absence of DOS, NT Workstation and UNIX 
configurations from this list does not mean that you cannot use 
them as remote systems—I’ve excluded them for the sake of my 
sanity.) I’ll also touch briefly on using SNA Server to access an 
IBM host from Windows 95 and NT Workstation systems. 


TCP/IP for Host Access 

Before jumping into the remote system configurations for direct 
TCP/IP access to a host, let’s pause and look at three big-picture 
considerations that relate to the way TCP/IP operates. First, do 
you have (or need) a TCP/IP router (called a gateway) in your 
LAN? Second, do you have a name server in your LAN and, if so, 
is it configured to support your host? Third, how should you assign 
the IP address to the remote system? Let’s examine each of these 
considerations. 

A TCP/IP gateway provides a path that lets your TCP/IP traf¬ 
fic travel from one logical network (IP subnet) to another. If all 
your local and remote systems use IP addresses that reside in the 
same subnet, you don’t need a gateway. If your remote systems 
use IP addresses that reside in a separate subnet, you must have a 
gateway in place to move traffic between the subnets. The most 
common application for a TCP/IP gateway is to provide a link 
to the Internet. 

The second consideration—name serving-affects your ability to 
reference hosts by name. For example, if you want to launch 
a Telnet session to a UNIX host named AIXLAB, you would 
probably like to say 

TELNET AIXLAB 

A name server provides a central service to convert IP names 
into IP addresses. If you have a name server, make sure you con¬ 
figure the name of your UNIX host in it. If you don’t have a 
name server, don’t feel obligated to implement one: you have 
two alternatives. 

First, you can define host-to-address mapping files in each 
remote system in a hosts file. Most TCP/IP implementations sup¬ 
port the ability to resolve names from such a file. Second, you can 
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avoid using names entirely and use only the IP address to initiate 
connections. For example, if the IP address for AIXLAB is 
216.56.55.63, you can use the command 

TELNET 216.56.55.63 

The final consideration is how to set the IP address on the remote 
system.You have two options: you (or the user) can manually con¬ 
figure the IP address on the remote system, or you can have the IP 
address download from the RAS server dynamically. 

Given a choice, opt for letting the server determine the address. 
This approach provides centralised control and eliminates the 
possibility of a typo in an IP address. Unfortunately, you will find 
that many Point-to-Point Protocol (PPP) implementations do not 
support dynamic address assignment, or even worse, their imple¬ 
mentations of dynamic address assignment are incompatible with 
Microsoft’s implementation (hey, it happens). In these cases, you 
must manually assign IP addresses in your remote systems. 

Time to PPP 

With a backdrop now in place, let’s talk about two specific con¬ 
figurations for direct TCP/IP access to a host system in your 
LAN: access from a Macintosh and access from a Windows 3.x 
system. Strangely enough, the Macintosh connection is the easi¬ 
er connection to set up-the Macintosh operating system better 
integrates TCP/IP than does the Windows 3.x environment. 

To enable Mac-to-AS/400 access over TCP/IP, you need the 
MacTCP control panel installed on your Mac, and you need add¬ 
on support for PPP. In my testing (and in real life), I use the 
ConfigPPP program; however, you can find many other free PPP 
implementations on the Web. ConfigPPP installs as both a system 
extension and a control panel. You must configure both the 


MacTCP and the ConfigPPP modules (via their control panel 
interfaces). 

First, access the MacTCP control panel and select the PPP 
interface in the opening dialogue box. Press More to access the 
detailed configuration options, as shown in Screen 1. Perform the 
following actions in this dialogue box: 

1. In the Obtain Address field, select Server to have the address 
downloaded from the RAS server, or select Manually to set up 
a static address. Screen 1 shows the configuration to obtain an 
address from the server. 

2. In the Routing Information area, set the Gateway Address 
to the address of your IP router, or to 0.0.0.0 if a router is not 
present. (The example in Screen 1 does not define a gateway.) 
If you choose to server-assign the IP address, the RAS server 
can also download the IP address of the default gateway. 

3. If you chose Server in step 1, skip to step 4. If you chose 
Manually, configure the IP address in the IP Address configu¬ 
ration area. You must first choose the class of address (A, B, or 
C) and then set the address value.The format of this entry field 
is rather strange, so be prepared to spend some time to figure 

4. If you are using a name server, specify the name of the 
domain it services and its IP address. For example, Screen 1 
shows that the system at 204.56.55.1 handles names for the 
duke.com domain. 

Press OK when you complete the configuration. You must 
restart your Mac to put these settings into effect. 

Next, move to the ConfigPPP process. In the ConfigPPP 
control panel dialogue box, make the following settings on the 
opening panel: 







■ SCREEN 1: 

Configuring network-level IP settings in the MacTCP 
control panel 


1. Set the Port Name to the loca¬ 
tion of your modem attachment. 
Usually, this setting is Modem 
Port. 

2. Set the desired IdleTimeout.A 
value of None means that the 
PPP connection will not time out 
and disconnect when no traffic is 
present. (I find no time out desir¬ 
able.) 

3. Set the Echo Interval to Off. 

4. In the check-box section, select 
only Hangup on Close. 

The previous ConfigPPP steps set 

only basic system-level information. 

You must now define the particulars 
of your RAS connection. Click New and 
specify a name for this connection - a 
logical name that does not have to match 
the computer name of the RAS server. 
After specifying a name, you return to the 
initial ConfigPPP display. Then, click 
Config to set the configuration details as 
follows: 

1. Set the Port Speed to the speed at 
which you want your Mac to talk to 
your modem.This setting needs to be at 
least as fast as your modem speed. 

2. Set Flow Control as appropriate for 
your modem connection. I usually 
ignore this field and specify None. 

3. Enable Tone Dialling or Pulse 
Dialling as appropriate for your phone 
system. 

4. Specify the phone number for your 
RAS server in the Phone Num field. 

5. Specify any modem initialisation 
strings you want performed before 
dialling commences. I usually set this to 
ATZ, which clears all temporary set¬ 
tings in the modem. 

6. Set the Modem Connect Timeout to 
a value long enough to let the Mac and 
the RAS server handle option negotia¬ 
tion and logon. I usually go with 90 
seconds. 

7. Finally, press Authentication, and then 
specify a username and password in the 
appropriate fields. This username and 
password must match a username and 
password defined in the RAS server—you 
cannot use this method to log on to an 
NT domain. 

Now that you have properly configured 
MacTCP and ConfigPPP, you can click 
Open in the ConfigPPP control panel dia¬ 


logue box to initiate a connection. The 
ConfigPPP module then instructs your 
modem to dial out and negotiate a connec¬ 
tion with the NT RAS server. When the 
connection is established, the status of the 
link (shown in the upper left corner of the 
ConfigPPP panel) changes from PPP 
Down to PPP Up. And that’s it. 

Once the call is established, you can 
connect to your LAN-based host via 
Telnet, FTP, or even a Web browser (assum¬ 
ing your host is running Web serving soft¬ 
ware). The Mac doesn’t come with any of 
these handy programs, so you will have to 
purchase commercial programs or obtain 
shareware programs. 

PPP from Windows 

For Windows 3.x to host access over 
TCP/IP, you need add-on Software- 
Windows and Windows for Workgroups 
(WFW) do not support PPP connections 
natively. You can use commercial products 
such as NetManage’s Chameleon, or share¬ 
ware packages such as Trumpet WinSock. 
Most TCP/IP vendors that market 
Windows 3.x products offer a product for 
PPP connectivity. 

In theory, the steps for configuring a 
Windows PPP connection are similar to 
the steps for establishing a Mac PPP con¬ 
nection. You define how you want the IP 
address set; configure a gateway, if present; 
configure a DNS server, if present; and 
define the characteristics of the RAS con¬ 
nection (e.g., phone number, speed, and 
user and password information). 

For my testing, I used NetManage’s 
Chameleon 4.6. I chose that package 
because I always used Chameleon for 


PPP Internet connections during 
those dark days when I used 16bit 
operating systems daily. 

At first glance, the fit between 
Chameleon and RAS seemed per¬ 
fect - Chameleon supports dynamic 
IP address assignment via DHCP or 
BOOTP, and it has a variety of con¬ 
nect-time logon options. However, 
none of these options did me any 
good. I was unable to establish a 
connection using DHCP or 
BOOTP (I had to manually assign 
an IP address), and I could not find 
any logon script that worked with 
NT RAS. That doesn’t mean I was 
unable to connect, but I had to be creative 
and come up with some interesting 
workarounds, as you will see shortly. 

When you use Chameleon, you set up 
configuration options in the product’s 
Custom program. You use the same pro¬ 
gram to initiate dialling. 

To set up the initial configuration, you 
must add an interface defined as a PPP con¬ 
nection. This process is simple: just use the 
Add option on the Interface drop-down 
menu. After you create an interface, you can 
configure it via the Configuration option 
on the Setup drop-down menu. In the 
Configuration dialogue box, shown in 
Screen 2, you configure the RAS connec¬ 
tion on the following tabbed pages: 

• IP Configuration, where you set the IP 
address of the remote system 

• Name Resolution, where you configure 
your name server (if present) 

• Gateway, where you define your 
gateway 

• Port, Dial, and Modem, where you 
configure items such as modem attach¬ 
ment, modem speed, and the phone 
number of your RAS server 

• Login, where you set your login authen¬ 
tication information 

For the sake of this discussion, I’m going 
to focus on the IP Configuration and Login 
tabs-the other tabs are self-explanatory. As I 
mentioned earlier, I was unable to establish 
a RAS connection from Chameleon using 
dynamic address assignment. That problem 
led me to manually configure the IP 
address, as shown in Screen 2. This IP 
address resides in the same subnet as my 
host system, so I didn’t need a gateway. 
After I set a manual address, I was able to 
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Configuring the IP environment on the IP Configuration 
tab in Chameleon's Custom program 


establish a connection into the RAS 
server-but 1 wasn’t able to log on. 

That situation led me to the Login 
tab. 

On the Login tab, shown in 
Screen 3, I specified a User Name 
and User Password that correspond 
to a username and password defined 
on the RAS server (again, you can’t 
use domain names in most PPP 
implementations). NT RAS does 
not provide prompts for logon 
scripts, so I disabled the script 1 had 
defined and figured that Chameleon 
would automatically log me on just 
like the Mac does. As things turn 
out, this assumption was sort of right 
and sort of wrong. 

Having configured my access name and 
password and having designated that I did 
not want scripting support, I fired up the 
connection again. To my surprise, 
Chameleon displayed a Terminal window 
when it initiated the connection. It seems 
Chameleon wanted me to log on manual¬ 
ly because I had not defined a script for it 
to use to log me on automatically. This 
arrangement is fine, except that RAS does 
not provide any logon prompts. 

Here’s where things got interesting. I let 
Chameleon establish a connection to the 
RAS server. I waited until the modem 
activity died down, and then I pressed 
Done to signal that I had completed the 
logon process. Well much to my surprise, 
Chameleon finished the logon process, 
and I was connected to the RAS server. 
Somewhere along the way, Chameleon 
automatically logged me on, even though 
it presented a Terminal window. 

After I closed the Terminal window, I 
was in. I then established a link to my local 
UNIX host using Chameleon’s Telnet pro¬ 
gram and transferred files using the 
Chameleon FTP program. Again, you can 
use other products than Chameleon to get 
a PPP connection—I’m just a creature of 
habit. If you don’t have Windows-based 
PPP software, I encourage you to explore 
all your options. Make sure you inquire 
about support for NT RAS connections. 

RAS and SNA Server 

If you look in the Network program 
group, you’ll find an inconspicuous entry 
called Remote Access. This program lets 



you dial up a RAS server and connect into 
a Microsoft network. 

Once connected, you can access shared 
files and printers as though you were 
attached to the LAN. Because an SNA 
Server system is, in many ways, just anoth¬ 
er NT server in a Microsoft network, the 
Remote Access program provides a conve¬ 
nient and relatively easy way to connect to 
an SNA Server system so that you can, in 
turn, connect to an IBM system. 

This article assumes you have mastered 
the SNA Server installation and configura¬ 
tion process. Also, I strongly recommend 
that you install and run the SNA client 
software on a system in your LAN before 
you try to install and run it on a remote 
system. After you conquer the client in¬ 
stallation process on a LAN-based system, 
you can graduate to a remote system. 

WFW does not install the Remote 
Access program by default; therefore, the 
first time you access the program, WFW 
will ask whether you want to install the 
program. Naturally, you say yes and then 
provide the disk or CD-ROM when you 
see the installation prompt. During the 
installation process, you define your 
modem and serial port (COM:) settings. 
All things considered, the installation is less 
than demanding. After you complete the 
installation steps, you must restart your sys¬ 
tem to wrap up this phase of the configu¬ 
ration process. 

By default, Remote Access uses the 
NetBEUI protocol to communicate with 
the remote network. You can change the 
protocol Remote Access uses or add sup¬ 
port for IPX or TCP/IP via the Network 


Settings program. I must warn you 
that WFW doesn’t excel at these 
other protocols, and if you want to 
use TCP/IP, you must have installed 
the WFW’s optional TCP/IP subsys¬ 
tem. For the sake of this article, let’s 
stick with the NetBEUI protocol. 
You need to enable support for 
NetBEUI in the RAS server and the 
SNA Server system. 

Before you can use Remote 
Access for SNA connections, you 
must install the client software that 
comes with SNA Server. The SNA 
Server CD-ROM includes client 
software for DOS, Windows, Win95, 
NT, and OS/2. To install the WFW 
software, simply run the SETUP program 
contained in the appropriate client directo¬ 
ry (\CLIENTS\WIN3X, in this case). 

You have only two important choices to 
make during the installation process. First, 
what protocol do you want to use? Select 
Microsoft Networking (Named Pipes) to 
specify that you want NetBEUI support. 
Second, you must specify how you want 
the client to find the server. You can speci¬ 
fy Local, in which case, the client will 
search for the SNA Server system in the 
domain, or you can specify Remote and 
cough up the name of the SNA Server sys¬ 
tem. I usually opt for the Remote method 
and explicitly provide the name of the 
SNA Server system (i.e., the computer 
name of the hosting NT system). 

After answering the configuration ques¬ 
tions, the SETUP program will create a 
program group called Microsoft SNA 
Server Client with three applications in it: 
SNA Setup, which is the SETUP program 
you just used to install the software; Client 
Config, a program that lets you change the 
protocol selection and SNA Server detec¬ 
tion method; and a stripped down 3270 or 
5250 emulator. You must restart your 
WFW system to complete the installation 
process. (Check Microsoft’s Web site to 
make sure you have all the latest Service 
Packs for SNA Server. The Service Packs 
cover the server-side and client-side soft¬ 
ware, and you need to install both.) 

OK, so now you’re ready to dial, right? 
Right! Start the Remote Access program, 
and it will prompt you to create a phone 
book entry. This part is easy-just enter a 
name for the entry, the phone number of 
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■ SCREEN 3: 
Defining the user and 
password for the RAS 
connection on the 
Custom program's 
Login tab. 




■ SCREEN 4: 
Defining and dialling 
a RAS connection 
via WFW's Remote 
Access program. 


your RAS server, and an optional descrip¬ 
tion. Press OK to return to the main 
Remote Access screen, shown in Screen 4. 
Make sure the phone book entry is high¬ 
lighted in the window, and press Dial. 

When you press dial, Remote Access 
doesn’t dial. Instead, it presents an 
Authentication dialogue box that requests 
your username, password, and optional 
domain for the network you are dialling 
into. Support for domain-based authenti¬ 
cation is one of the key benefits of RAS 
over PPP. With PPP, you’re locked into 
user definitions stored on the RAS server; 
here, you can use any domain user autho¬ 
rised for remote access. 

After you specify a user, password, and 
optional domain, press OK; the Remote 
Access program will initiate communica¬ 
tions with your modem and instruct it to 
dial out. When the RAS server answers, the 
Remote Access program will present your 
user, password, and domain credentials to 
the server; if the server accepts them, you 
will be logged on to the network. 

Once you’re in, you can access the SNA 
Server system. But before you do that, test 
the connection. An easy way to test the 
connection is to bring up File Manager and 
select Connect to Network Drive. If noth¬ 
ing shows up in the list of available systems, 


you have trouble-most likely, mismatched 
protocols (e.g., your client is using 
NetBEUI, but everything in your LAN is 
using TCP/IP). 

If you see a list of servers, make sure the 
SNA Server system is on that list. If it’s not, 
you either have a protocol mismatch or a 
user authorisation problem. Look at the 
SNA Server system’s configuration to diag¬ 
nose a protocol mismatch problem, and try 
to access the system using the same user, 
password, and domain information from a 
LAN-based system to diagnose a user 
authorisation problem. For the sake of argu¬ 
ment, let’s assume a list appears and your 
SNA Server system is on it. 

Under WFW, the SNA Server client 
software doesn’t initiate a connection until 
a client program requests it. Therefore, to 
test the link, you can run on the terminal 
emulation applet. You need to configure 
the host connection via the Session 
Configuration entry on the Session drop¬ 
down menu. When you select this, the 
SNA client software attempts to establish 
the link to the SNA Server so it can obtain 
configuration information. 

You configure mainframe and AS/400 
links differently; however, both cases are 
fairly straightforward-especially if you read 
the SNA Server documentation first. Once 


you complete the configuration informa¬ 
tion, press OK to receive an IBM sign-on 
menu. Getting this menu means you have 
successfully completed the RAS and SNA 
client installation process. You can now 
install additional third-party client-side 
emulation/access software as long as it sup¬ 
ports SNA Server, of course. 

Windows 95 and NT Clients 

The installation process for Remote Access 
software under Win95 and NT 
Workstation 4.0 is much simpler than the 
Macintosh, Windows, or WFW proce¬ 
dures. Simply start the Dial-Up 
Networking utility in My Computer, and 
the configuration wizard guides you 
through the entire process. The installation 
of the SNA Server client software is equal¬ 
ly simple. Microsoft learned lots of lessons 
from WFW, as clearly evidenced by the 
superior networking and dial-up capabili¬ 
ties you find in Win95 and NT. 

Keep On RASing 

RAS provides a fairly painless method for 
facilitating remote access to LAN-based 
hosts.You can use the ubiquitous PPP pro¬ 
tocol to run an end-to-end TCP/IP con¬ 
nection from almost any kind of system, or 
you can implement SNA Server to accom¬ 
modate SNA links between remote clients 
and your IBM systems. Even better, you 
can offer both kinds of connections 
through the same RAS server. 

But that’s not all RAS can do. You can 
use RAS to access NT file and print 
servers. You can also use RAS to provide 
access to a centralised Internet connection, 
to Novell NetWare servers, and more. 
RAS is one of those technologies that 
grows on you— implement it for one appli¬ 
cation today, and who knows what you’ll 
be using it for tomorrow. □ 
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Migrating to 

Microsoft Exchange Server 

H by DAVE JOHNSO 




“Keep a copy of all my inbound and outbound Simple Mail Transfer 
Protocol (SMTP) mail so that I can comply with industry regulations," the 
customer requested. 

“No problem ," / said. “That feature is built into the Exchange 
Internet Mail Connector. ” 

“But remember,” the customer said. “I don’t want you to keep copies of 
any internal SMTP messages that travel between Exchange and my 
legacy mail system. ” 





ZZZZZZZZZZ! Thanks to my alarm clock, I 
escaped a dream that replayed the previous 
day’s meeting with a new customer. The cus¬ 
tomer asked us to assist in a company migra¬ 
tion from Novell’s GroupWise to Microsoft Exchange 
Server 4.0. Together we identified three key objectives: 

• Migrate nearly 650 users gradually, and provide coexis¬ 
tence of the two mail systems. 

• Provide uninterrupted Internet mail flow for 
GroupWise and Exchange users and do not modify 
users’ Internet mail addresses (user@ourfirm.com). 

• Archive all external messages, inbound and outbound, 
to comply with an industry regulation without archiv¬ 
ing internal messages between Exchange and 
GroupWise. 

After considering third-party gateway products, we opted 
for an Exchange-only solution that met the customer’s 
requirements and reduced administrative effort. This arti¬ 
cle describes the solution and explores its application in 
other environments. 

The Solution 

Figure 1, illustrates our initial plan to introduce Exchange 
into the customer’s messaging environment. To meet the 
first objective, to migrate gradually and have the two mail 
systems coexist, we changed the function of the client’s 
GroupWise SMTP gateway. Previously, the gateway han¬ 
dled Internet-only messages, but we restricted it to pass¬ 
ing all outgoing SMTP messages to Exchange. This 
change and configuration of the Exchange Internet Mail 
Connector (IMC) let the two systems communicate 
without additional gateways. 

The second objective, uninterrupted mail flow and 
maintaining Internet mail addresses, required more con¬ 
sideration. Although we planned to use the Exchange 
IMC as the conduit to the Internet, recipient addressing 
was a problem. Because we needed to address GroupWise 


and Exchange users at the same email domain 
(ourfirm.com) regardless of platform, we had to intelli¬ 
gently route messages addressed to user@ourfirm.com to 
either Exchange or GroupWise, depending on the recip¬ 
ient’s migration status. Exchange’s Alternate Recipient 
and Custom Recipient features, which let us redirect 
incoming messages to user mailboxes on foreign systems, 
solved the addressing problem and minimised overall 
administration during the migration. 

To achieve the third objective, archiving external 
communications, we had two options: develop an appli¬ 
cation to scan mail headers to distinguish and archive 
external messages, or create an infrastructure extension to 
provide service for external messages only. The second 
option proved cost-effective and easy to support. We 
added a second Exchange server and IMC to the site and 
routed all Internet mail through it to fulfill the archiving 
requirement. 

SMTP Configuration and Proposed Mail 
Routing 

Our customer’s existing SMTP gateway had provided a 
messaging link to the Internet for several months. To ful¬ 
fill the first two necessities, which required connecting 
the two mail systems, we leveraged the existing gateway as 
a dedicated path to Exchange. We determined that with 
the IMC Sample Extension DLL, Exchange can act as a 
smart mail host, rerouting messages to other SMTP hosts. 
This solution was the key to GroupWise Internet con¬ 
nectivity. 

Next, we created Exchange mailboxes for current 
email users. We also represented each GroupWise user 
with an alias (Custom Recipient) in the Exchange direc¬ 
tory and hid the aliases from view. Then, we modified 
delivery properties of each Exchange mailbox to reroute 
messages to an Alternate Recipient, the GroupWise mail¬ 
box alias. Table 1 lists Exchange objects and their proper- 
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ties relevant to our plan. This configuration 
let us route messages from unattended 
Exchange mailboxes to corresponding 
GroupWise mailboxes and eliminated 
addressing confusion for Exchange users. 

To illustrate our proposal, let’s briefly 
follow the route for three types of messages 
and their replies. First, Internet messages 
addressed to Exchange users at the our- 
firm.com domain are delivered to the 
Exchange server. (Note: to make this 
approach work, we had to contact the cus¬ 
tomer’s Internet Service Provider - ISP - 
and request modification of the MX record 
for the ourfirm.com domain. We had the 
ISP replace the GroupWise SMTP gateway 
name and address information with that of 
the Exchange server.) Likewise, Exchange 
performs a Domain Name System (DNS) 
lookup to transfer any reply or other out¬ 
going message to Internet mail hosts. 

With the second type of message, 
GroupWise messages to Exchange resem¬ 
ble incoming Internet mail, addressed to 
user@ourfirm.com. (Note: the GroupWise 
directory is populated with abases, such as 
user@ourfirm.com, for each former 
GroupWise user, to simplify addressing for 
GroupWise users.) By configuring the 
GroupWise SMTP gateway to forward all 
messages to Exchange, messages now arrive 
in an Exchange recipient’s mailbox from a 
sender in the ourfirm.com domain. 
Replies and other Exchange to 


GroupWise messages are delivered to the 
GroupWise SMTP gateway (gw.ourfirm. 
com) because of the address space and 
message debvery configuration. 

Finally, GroupWise communication 
with the Internet showcases the utility of 
our design. Incoming Internet mail 
addressed to user@ourfirm.com reaches an 
Exchange mailbox, and the Alternate 
Recipient feature reroutes the mail to the 


an additional IMC, dedicated to process¬ 
ing external messages, was our only 
requirement. 

Figure 2 shows that we added an 
Exchange server, Extmail, and outlines 
configuration settings for the Our Firm 
site: we have two Exchange servers. Intmail 
is home server to all Exchange mailboxes 
and Custom Recipients. The Intmail IMC 
routes gw.ourfirm.com messages to the 

.pp.op'i... we opted for an Exchange^nly GroupW is « SMTP 

GroupWise mail- gateway and all other 

box. Replies and solution that met the customer’s mail to Extmail. The 


requirements and reduced 
administrative effort. 

t delivered i 


other GroupWise 
mail to Internet 
users pass through 
the GroupWise 
SMTP gateway and 
Exchange. With the IMC Sample 
Extension DLL in place, if the message 
does not match the domain criteria 
ourfirm.com, it is then forwarded (via 
DNS lookup) to the appropriate Internet 
mail host. 

Archiving External Messages 

In our new, somewhat elaborate, SMTP 
environment, the archiving objective 
becomes simpler. We already proved that 
with built-in Exchange features, we can 
distinguish and, more important, reroute 
SMTP messages based on domain names. 
Also, we know that message archiving is an 
optional IMC function. We concluded that 


message archival fea¬ 
ture of Intmail’s IMC 
is disabled. We added 
Extmail to the site to 
send and receive Internet mail. Extmail 
uses DNS to deliver messages to appropri¬ 
ate Internet mail hosts. We configured 
Extmail to archive SMTP messages. 

Again, let’s trace the route of messages 
and their replies, to examine the design. 
Assume we’ve already contacted our 
cHent’s ISP to add an A record (DNS ter¬ 
minology for the record that contains the 
IP address and fully qualified domain name 
of a computer and that is used for name 
resolution) for Extmail and to modify our 
MX record directing mail to Extmail. 

Mail from an Exchange user, user@ 
ourfirm.com, addressed to president@ 
whitehouse.gov leaves the Exchange site 
via Extmail’s IMC, which is configured 


1 Exchange Objects Properties 


Settings 

Comments 


SMTP Address: user@ourfirm.com; 

For GroupWise users only, specify an Alternate 
Recipient: user@gw.ourfirm.com 
(Custom Recipient entry for this user) 


Preserves users' standard Internet 
addresses 


SMTP Address: user@gw.ourfirm.com; 
Advanced: Hide entry from address book 


Exchange uses this directory entry 
exclusively to redirect messages 
to GroupWise 


Message Delivery: For gw.ourfirm.cc 
use gw.ourfirm.com (IP address) 


GroupWise SMTP gateway performs 
directory lookup and delivers message I 
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■ Figure 1: 

Reconfiguration Plan for the Messaging Environment 


■ Figure 2: 

New Configuration for the Our Firm site 



with a global wildcard address space (*). 
Extmail uses DNS to find the appropriate 
mail host for whitehouse.gov and transfers 
the message. Extmail receives the reply, 
addressed to user@ourfirm.com, and sub¬ 
jects the message to the criteria of 
imcroute.cfg (the IMC Sample Extension 
DLL configuration file). If Extmail finds a 
match, the message is rerouted to the local 
host and IMC handles it. After archiving 
the message, Extmail’s IMC delivers the 
message to the recipient’s Exchange mail¬ 
box. No alternate recipient is specified, so 
the users receive the message in their inbox. 

A GroupWise message to Exchange is 
different from our previous model. The 
message, from davej@ourfirm.com to 
user@ourfirm.com, reaches the GroupWise 
SMTP gateway, which directs the message 
to Intmail. If the message matches the cri¬ 
teria in imcroute.cfg, the message path is 
localhost, Intmail’s IMC, and the message 
will be delivered to Exchange (this path 
includes no message archival). The reply is 
addressed to davej@ourfirm.com, which is 
a valid Exchange mailbox, configured to 
reroute mail to davej@gw.ourfirm.com. 
Intmail’s IMC, configured with address 
space and message delivery options, trans¬ 
fers this reply to gw.ourfirm.com. The 
GroupWise SMTP gateway performs a 
directory lookup for davej and passes the 
message to the user’s mailbox. 

the Internet is the best illustration of 


our proposal. A message from davej@ 
ourfirm.com to president@whitehouse. 
gov travels through the GroupWise SMTP 
gateway to Intmail, doesn’t match domain 
criteria in imcroute.cfg, enters Intmail’s 
IMC (isn’t archived), is forwarded to 
Extmail, doesn’t match domain criteria in 
imcroute.cfg, enters Extmail’s IMC, and is 
archived and forwarded to the appropriate 
mail host for whitehouse.gov. The reply to 
this message (to davej@ourfirm.com) fol¬ 
lows an equally ambitious route. From the 
whitehouse.gov SMTP host to Extmail 
(found via DNS lookup), the message 
matches the criteria of imcroute.cfg, is 
rerouted to localhost, is archived, and is 
delivered to Exchange by the IMC. Based 
on the alternate recipient configuration (to 
davej@gw.ourfirm.com) of my Exchange 
mailbox, the message then travels to 
Intmail’s IMC, to the GroupWise SMTP 
gateway, and to my GroupWise mailbox. 

Complex but Effective 

Although our messaging project was not 
simple, Exchange Server answered our 
toughest challenges. We used NT’s 
NetWare migration tool to create accounts 
and Exchange’s Directory Import feature 
and Microsoft Access to create mailboxes 
and Custom Recipients. Within minutes 
after import file setup and sample runs, we 
had a complete directory of all user mail¬ 
boxes, hidden Custom Recipients, and 
corresponding Windows NT accounts. 


Later, still using Directory Import and 
Access, we effortlessly modified each mail¬ 
box to include items such as department 
and distribution list membership. 

Although industry regulations for 
message archival are not commonplace, our 
solution can be practical in countless other 
scenarios. For example, although our solu¬ 
tion discusses migration from Novell’s 
GroupWise, you can apply this solution in 
migrations to Exchange from any mail 
platform that supports SMTP. Also, to 
comply with the Federal Records Act, 
many government agencies retain copies of 
electronic communications involving mat¬ 
ters of public record. These organisations 
can use parts of our solution to archive 
internal and external mail. In today’s world 
of business partner connectivity and 
increased online vendor and customer cor¬ 
respondence, Microsoft Exchange has 
many options to offer. Its flexibility, how¬ 
ever, underscores the value of critical 
thinking before implementation. □ 
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Foil attacks 



on your registry 


Know your enemy and take control 
of network security 


he March 31,1997, EE Times article about the 
alleged flaw in Windows NT’s security has 
sounded an alarm. In brief, the story asserted 
that “a reasonably skilled kid” with a PC and a 
modem could hack NT’s passwords. How serious is the 
security breach the article exposed? In an official statement 
(http:/ / www.microsoft.com/ security/ee times 
.htm), Microsoft wrote that the only true threat to NT’s 
security is from someone first obtaining an administrative 
account and password. Microsoft’s solution: protect the 
administrator accounts. Contrary to Microsoft’s statement, 
not just administrators can compromise NT’s security. 

The crux of the issue is who has access to the Security 
Accounts Manager (SAM) and Security hives of the NT 
Registry. NT stores user passwords as part of hash 
codes in the SAM hive of the Registry. The Security 
hive contains security information for the local com¬ 
puter, including user rights, password policy, and the 
membership of local groups. The SAM hive needs the 
Security hive to work properly. If hackers can access the 
SAM hive, they can use a utility such as PWDUMP avail- 
ableathttp://www.nmrc. org/files/nt/index.html. As Screen 1 
shows, PWDUMP changes permission on the Registry to let 
users read the SAM. PWDUMP provides a printout of the 
hash codes and, therefore, makes them accessible to password 
crackers such as NT Crack and LOphtCrack. Here are steps a 
potential hacker could follow to crack NT’s security, and 
what you can do to prevent such attacks on your system. 


HACKER GOAL ONE: 

GAIN ACCESS TO THE SAM 

Users can gain access to the SAM and Security hives in several ways. 
Microsoft says the best way to protect your NT systems is to protect the 
s » administrator accounts, but administrators are not the only users who 
^ ; can access the SAM and Security hives. Server operators, backup oper¬ 

ators, and even ordinary domain users can view and dump hash codes 
from the Registry. Protecting administrator accounts is not enough.By 
default, no user has the proper permissions to access or even view the 
NT SAM. However, the SAM and Security hives are like other files. Users 
who have permission to copy the Registry files - such as users who might have 
to back up the Registry - can copy and manipulate these files on a whim. 
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If you log on as a backup operator, 
however, you can’t just copy the SAM and 
Security hives. The Registry is open while 
NT is running, and a sharing violation 
occurs when you attempt to copy the files. 
However, the Regback utility on the 
Windows NT resource kit CD-ROMs lets 
anyone in the administrator, server opera¬ 
tor, or backup operator local groups copy 
the open Registry. 

The list of potentially dangerous users, 
however, includes more than these three 
groups. Regular domain users can invade 
NT security if NT is on a FAT volume and 
they have permission to restart the 
machine. All they have to do is boot to 
DOS, copy the SAM and Security hives 
from the %SystemRoot%\System32\ 
config directory, and they’re in business. 

In general, if NT is on an NTFS vol¬ 
ume, domain users can’t boot DOS and 
copy the hives. But NTFSDOS, a utility 
written by Mark Russinovich and Bryce 
Cogswell, lets users mount the NTFS vol¬ 
umes in DOS. Run NTFSDOS, go to 
the %SystemRoot%\System32\config 
directory, and copy the hives. 

Microsoft says that true security is phys¬ 
ical security. Following Microsoft’s advice, 
lock the machines away, and remove 
ordinary users’ permissions to restart the 
computers. If users can’t restart the 
machines, the possibility of rebooting to 
DOS on a FAT volume or using NTFS¬ 
DOS is no longer a threat. 

Is NT secure now? Ordinary domain 
users can’t copy the open Registry because 


the action will cause a sharing violation. 
Nor can users back up the system because 
they don’t have permissions associated with 
administrator, server operator, or backup 
operator accounts. But a fundamental fea¬ 
ture of NT’s built-in availability is the 
Repair directory. After a successful installa¬ 
tion and each time you run the Rdisk util¬ 
ity, NT stores a backup of the Registry in 
%SystemRoot%\Repair. The backup files 
aren’t open, and users can easily copy them 
if they can log on locally or if the directory 
is shared. By default, the NTFS permissions 
don’t protect the Repair directory. All users 
have read control, and read control offers 
enough permission to copy files. 

For ordinary users to obtain the SAM 
hive that contains passwords, they must 
access the current version of the Registry. 
The Registry is vulnerable in at least two 
ways. First, even though NT doesn’t back 
up the Security and SAM hives by default 
when you run Rdisk, a copy of the SAM 
from the original NT installation remains 
in the Repair directory. If the administrator 
has not changed the administrative pass¬ 
word since the original installation, the 
password is at risk. Second, many adminis¬ 
trators use the rdisk /s command, which 
includes the Security and SAM hives in a 
backup to an unprotected Repair directory. 

In summary, here’s how you can prevent 
an ordinary domain user from gaining 
access to the SAM and Security hives on 
your servers: 

• Don’t permit local logon to servers. 

• Use NTFS volumes instead of FAT volumes. 


• Physically secure the servers. 

• Change the default permissions of the 
Repair directory. 

• Secure your Emergency Repair Disks 
and tape backups. 

Remember, users can still access their local 
machine’s Registry through the Repair 
directory or an Emergency Repair Disk 
and attempt to crack the local machine’s 
administrator password. One way to pre¬ 
vent this attack is to convert to NTFS and 
set more restrictive permissions on each 
workstation’s Repair folder. 

HACKER GOAL TWO: 

DUMP THE HASH CODES 

Even after users have copies of the SAM 
and Security hives, they can’t easily view 
hash codes. They have to log on to an NT 
machine as Administrator and dump the 
hash codes with PWDUMP. If they manu¬ 
ally copy both Registry files into their own 
Registry, NT will use the hijacked SAM. 
Although users don’t have administrative 
privileges at work, they are administrators 
on their home PC. From their home PC, 
they can dump the hash codes and, at their 
leisure, perform as many dictionary attacks 
as they need to find the passwords. 

To copy the hijacked SAM to a local 
Registry when NT is on a FAT volume, 
users just boot to DOS and copy the file. If 
NT is on an NTFS volume, users can use 
Regrest, another utility on the resource kit 
CD-ROMs. However, the hives in the 
Repair directory or from an Emergency 
Repair Disk are compressed, and a com- 
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pressed Registry doesn’t work in NT. But 
the compression algorithm isn’t difficult; 
you can easily uncompress those files with 
the Expand command in %SystemRoot 
%\System32. 

If users replace the SAM and attempt to 
log on as the hijacked Administrator, they 
overwrite their personal administrative pass¬ 
word and don’t know the new stolen pass¬ 
word. However, the utility NT Locksmith, 
available at http://www.winternals.com,lets 
you change the local administrator pass¬ 
word. Running this utility requires physical 
access to the NT machine. Most people do 
not have physical access to servers at work, 
but they have access to their home PC. After 
users change the password, they can log on 
locally and dump the hash codes from the 
hijacked SAM. 

HACKER GOAL THREE: 

CRACK NT’S PASSWORDS 

Once users have the hash codes, they can 
use NT Crack, LOphtCrack, or a similar 
utility to perform a dictionary attack 
against NT, as you see in Screen 2. The 
outcome of the password crack depends on 
the quality of the wordlist, or dictionary, 
hackers use to perform the crack. The 
more words, dates, numbers, and wordplays 
that are in the list - and the more complex 
they are - the better the chance for a suc¬ 
cessful crack. Therefore, a good password 
security policy greatly reduces the likeli¬ 



hood of a successful crack. 

For good password secu¬ 
rity, you can prohibit blank 
passwords and require 
tain password length, for 
example a six-character 
minimum. Require com¬ 
plex passwords, usually a 
random selection of letters 
and numbers. NT’s User 
Manager won’t let you 
force complex passwords. 

However, you can set all 
your users’ passwords manually and not let 
users change them. Or Screen 3 shows 
how you can use a resource kit utility, 
Passprop, to require a simple level of pass¬ 
word complexity. In addition, you can 
make passwords expire after a certain 
period and keep a password history so users 
can’t use the same password repeatedly. 

IS ALL HOPE LOST? 

My goal here is not to show hackers, step 
by step, how to break into NT. Rather, I 
want to call NT administrators to arms to 
strengthen their network’s weakness before 
someone takes advantage of it. The best way 
to defeat the enemy is to understand the 
enemy’s tactics and know your weaknesses. 

Is NT insecure? It is open to exploita¬ 
tion. But strong security policies will 
greatly reduce the possibility of a security 
breach. PWDUMP, NT Crack, and 


LOphtCrack are dangerous utilities. But 
these utilities are useless until someone can 
gain access to NT’s Registry. Microsoft has 
not protected NT’s Registry as well as it 
might have. You can counter this weakness 
by implementing stricter security on the 
active Registry and especially the Registry 
backups - tape backups, the Repair direc¬ 
tory, and Emergency Repair Disks. If the 
Registry is secure, NT is secure. And if NT 
is secure, you can sleep better at night. □ 



John J. Meixner has been a network administra¬ 
tor and a trainer since 1981. He currently trains 
IS professionals in Windows NT. You can reach 
him at john_meixner@masteringcomputers.com. 
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NTS is an Australian company in the business of assisting 
organisations in taking control of their Windows NT network. NTS 
has 3 major products in its arsenal, NTSecurity Administrator, 
NTSecurity Daily Up Time & NTSecurity Daily Event Log. These 
are totally passive products, and do not make any changes to 
any servers, they are installed on a single NT Workstation. 

‘Insecurity Administrator 

Provides unprecedented Security and Systems Management 
exception reports for a Windows NT Domain. Providing full 
Account and Group information and exceptions, along with File, 
Printer & Share security exceptions and information. Systems 
Management reports are essential, as a result reports showing 
all Computers in the Domain, Directories in Standard Directories, 
Obscure Files in Standard Directories and a list of all Scheduled 
Jobs. The most powerful feature is to be able to compare each 
servers Services, Policies and User Rights, thereby actually being 
able to diagnose and pre-empt system failures along with 
enforcing pre-determined organisational standards. 

insecurity ‘Daily ‘Event Loy 

This tool now makes it possible to review all server Event Logs, 
in a single file, automatically, quickly, daily, without recognised & 
justifiable erroneous records and messages, in hard copy if 
required. This provides an opportunity to know and understand 
your servers “normal” daily operation, by using a totally 
configurable, simple to use control file to exclude and include 
records on a server by server basis if required. 

After all wouldn't you like a single report on all your servers event 
logs every morning hen you walk in? 

insecurity Daily Up ‘Time 

This tool provides you with the data to advertise to Management 
and your clients, how well you are doing in ensuring the servers 
and network availability. This alerts you when a server has gone 
down and when disk space falls below a given threshold, it also 
creates a history of server up time and disk space. These reports 
provide a pre-emptive and pro-active tool that can assist you in 
prediction when disk space shall be required and track down 
where and when there has been an excessive consumption of 
disk space. 


insecurity Administrator 

Systems Management Reports 

Accounts-Total 

Accounts-With A Logon Script 
Accounts-With A Profile 
Accounts-With Descriptions 
Accounts-Without A Home Directory 
Accounts-Without A Home Drive 
Accounts-Without A Logon Script 
Accounts-Without A Profile 
Accounts-Without Descriptions 
Accounts-Without RAS Call Back 
Accounts-Without RAS Call In 
Computers In Domain 
Directories In Standard Directories 
Groups-That Are Not Used 
Groups-That Do Not Have A Description 
Groups-Total 

Groups-With No Members 

Obscure Files In Standard Directories 

Printers-Total 

Scheduled Jobs 

Shares-Without Directories 

Security Reports 

Accounts-Disabled 
Accounts-Locked Out 
Accounts-Never Been Used 
Accounts-Not Used In More Than x Month 
Accounts-Passwords Can Not Be Changed 
Accounts-Passwords Do Not Expire 
Accounts-Passwords Not Required 
Accounts-Restricted To Workstations 
Accounts-That Are Expired But Not Disabled 
Accounts-With Privileges 
Accounts-With RAS Call Back 
Accounts-With RAS Call Back But No Number 
Accounts-With RAS Dial In Access 
Directory Level Security Exceptions 
Shares With Permissions 
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etwork troubleshooting is always a complex 
task for a systems administrator. A myriad of 
problems can occur on your network, includ¬ 
ing problems with the network’s physical layer 
(wiring), problems with the NICs running on each 
machine, and even problems with the logical layer. 


Diagnosing the exact problem is often a time-consuming, 
trial-and-error task. 

To diagnose network problems, systems administrators 
generally use a network monitoring tool, sometimes 
known as a protocol analyser. These devices can be either 
hardware or software that lets you review all packet traf- 
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Monit ng 
wit SMS 


Diagnose network problems with this utility 


fic on your network and look for different 
problems. Basic hardware and software network 
monitoring tools do not provide diagnosis capabil¬ 
ity: they often collect only statistics and packets that 
you must manually sort through to figure out a 
problem. Advanced, multithousand-dollar hardware 
devices use built-in artificial intelligence to deter¬ 
mine what, if any, network difficulties you have. 

Microsoft BackOffice users do not need to 
spend thousands of dollars on a network monitor¬ 
ing solution. The Systems Management Server 
(SMS) component of BackOffice includes one. 
Unfortunately, many administrators are unaware of 
this feature and its power, because it is not ade¬ 
quately documented in reference sources, third- 
party SMS books, or training videos available from 
a variety of sources. 

The Network Monitor lets you observe dozens 
of different protocols traversing your network. 
These protocols include basic ones Microsoft prod¬ 
ucts use to communicate with one another, such as 
Server Message Block (SMB) for file sharing, and 
other protocols such as Dynamic Host 
Configuration Protocol (DHCP) and NetBIOS. 
The monitor supports all major TCP/IP protocol 
components, including low-level TCP, IP, and User 
Datagram Protocol (UDP) packets, and higher- 
level protocols such as FTP, NFS, and Domain 
Name System (DNS). For NetWare-enabled envi¬ 
ronments, the Network Monitor lets you watch 
NetWare Core Protocol (NCP), IPX, and SPX 
traffic. For a complete list of supported protocols, 
refer to the SMS Administrator’s Guide. 


Where Is It? 

When you install SMS, the Network Monitor 
component installs on your BackOffice server by 
default. (You can manually choose not to install the 
component.) To verify the presence of the 
Network Monitor, look in the SMS menu from 
the Programs option on the Start menu (or look in 
the SMS Program Group if you’re running 
NT 3.51). If an SMS Network Monitor icon is 
present, the component is available. 

Before you use the Network Monitor for inter¬ 
active debugging, you must install the Network 
Monitor Agent. Unless you insert this agent into 
your system’s network configuration, you can use 
the Network Monitor only to view the contents 
of capture files from other machines that have the 
Monitor Agent set up. To install the Monitor 
Agent into your system’s network configuration, 
you must manually run the Network configura¬ 
tion program from the Control Panel and add the 
Monitor Agent. Once you add the Monitor Agent, 
reboot to activate it. 

To use the Network Monitor, you must have a 
NIC that supports promiscuous mode operation. In 
promiscuous mode, the NIC routes all packets it 
sees on the network to the controlling network 
driver. Ordinarily, a NIC disregards any network 
traffic that does not have the NIC’s Media Access 
Control (MAC) address, a unique 12-character 
hexadecimal value each NIC manufacturer assigns 
to every card. Typically, if a packet does not have 
the correct address, your NIC will not route the 
packet to your computer’s network device driver; 








the card will discard packet. 

You can launch the Network Monitor 
in two ways. In the first method, select the 
SMS Network Monitor option from the 
Systems Management Server Programs 
menu in NT 4.0. The Network Monitor 
will launch with no filtering defaults. Or, 
launch the Network Monitor within the 
SMS Administrator by double-clicking the 
Network Monitor option when you are 
reviewing a personal computer’s properties 
within the SMS Administrator. This 
approach will automatically set up 
Network Monitor to filter packets for only 
that specific machine. 

Information Overload 

When you first launch the Network 
Monitor, information overload occurs. 
The main Network Monitor window, the 
Capture Window, appears and displays 
information regarding the network 
adapter the monitor is observing. If your 
NT machine is multihoming (i.e., you 
have more than one network adapter), 
switch between the adapters to make sure 
you’re monitoring the correct network. To 
switch adapters, select Capture, Networks 
from the menu. 

The Capture Window consists of four 
panes - Total Statistics Pane, Graph Pane, 
Station Statistics Pane, and Session Statistics 
Pane - and gives you an overview of net¬ 
work performance and information on the 
monitor’s capture status, as Screen 1 shows. 
Above the four panes, you’ll see a toolbar 
with several option buttons that let you 
turn individual panes on and off and start, 
stop, and view the packet capture buffer. 

Before you can collect network 
performance statistics, you must specify a 
packet filter and tell the Network Monitor 
to start collecting packets. A packet filter is 
a set of Boolean rules to tell the Network 
Monitor the packets you want to capture 
in the capture buffer and compute statistics 
with. Packet filters have two components: 
an origin address and a destination address. 
You can collect all packets that you plan to 
send to a particular address or those that 
originate from a particular address, or a 
combination of the two. You can also use a 
wildcard, ANY, to specify any address the 
Network Monitor observes. By default, if 



you start the Network 
Monitor directly from the 
Start menu, Network 
Monitor will use the ANY 
wildcard for both inbound 
and outbound packets. If you 
start from the SMS 
Administrator, the packet fil¬ 
ter will select packets only 
for the particular machine 
you specify. 

Display Panes 

When you use the Network 
Monitor, keep an eye on the 
Total Statistics Pane, which 
contains ASCII information 
on network statistics and cap¬ 
tured frame statistics. In par¬ 
ticular, watch % Buffer 
Utilised. If this number 
exceeds 100 percent, you will 
begin to lose capture data in 
your buffer, and you probably 
need to design a tighter 
capture filter or increase the 
buffer size. 

The Graph Pane provides 
five different graphical rep¬ 
resentations of the activity 
on your network: percent of 
network utilisation (from 0 to 100), num¬ 
ber of frames per second, number of bytes 
per second, number of broadcasts per sec¬ 
ond, and number of multicasts per sec¬ 
ond. Three numbers under each bar rep¬ 
resent, from left to right, the minimum, 
average, and maximum number achieved 
in the category. 

With the Graph Pane, you can quickly 
assess which category network activity 
originates from. For instance, if your net¬ 
work shows a high percent for utilisa¬ 
tion, you can use the Graph Pane to 
examine traffic classification. Is the traffic 
normal or showing a large number of 
multicasts or broadcasts? With the data 
on the bar graphs, you can determine the 
type of traffic on your network. For 
example, if you see high utilisation 
(resulting in slow network throughput) 
but a high number of broadcasts, deter¬ 
mining and correcting the broadcast 
problem will improve performance. 


■ SCREEN 2: 

Viewing the frame Viewer Window 

To identify stations consuming a great 
deal of network bandwidth, refer to the 
Station Statistics Pane at the bottom of the 
window.This pane summarises all traffic on 
the network on a station-by-station basis. It 
shows the network address, number of 
frames sent and received, number of bytes 
sent and received, and number of broad¬ 
casts from the station. Review the infor¬ 
mation on the line appropriate for the sta¬ 
tion in question. For example, assume that 
your users are complaining of sluggish out¬ 
put. A review of the Graph Pane shows you 
have a significant amount of activity but 
nothing extraordinary (such as a significant 
numbers of broadcasts). How do you 
determine the source of the problem? 

Double-click any column header within 
the Station Statistics Pane to sort in 
ascending order all rows by the values in 
the column. Double-click a column title a 
second time to re-sort all data in descend¬ 
ing order. Thus, to identify users consum- 


v.winntmag.com 













































Remote 


Access 


with Windows NT 


\&uneed an alternative 
to the “enterprise wide” 
remote access solution— 
one specifically designed for 
your small to medium size business. 



You need LantraServer. 



Why do you need an alternative to “enterprise wide” 
remote access solutions? Because larger solutions 
replace Windows NT RAS with complex, proprietary and 
often incompatible networking software. Extra effort, 
increased costs, and the need to purchase even more 
software is the result. Not to mention LAN administrative 
headaches as well. 

You won’t have those expenses with LantraServer.' 
LantraServer maximizes the growing remote access capa¬ 
bilities already built into Windows NT. Which means you 
get all the benefits of Windows NT RAS extended to every¬ 
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maintain full compatibility with all your Windows applica¬ 
tions. There’s nothing new to learn. Nothing new to pur¬ 
chase. If you’re already using Windows NT, you’ll have 
LantraServer up and running in less than 5 minutes. 
LantraServer fits into your Windows NT environment easi¬ 
ly, simply, and transparently. And you can maintain 
LantraServer so easily, you won’t even know it’s there. 

Get connected with the remote access solution built 
for people-not networks. LantraServer. The easiest, 
most cost-effective remote access solution for Microsoft 
Windows NT environments available today. Call Stallion 
Technologies for more information. 

1-800-NT-RRAS (1-800-687-727) 

Ask about our reseller incentive programs. 

stallion 


ing a large amount of bandwidth, you can 
double-click on the Bytes Sent or Bytes 
Received columns to observe the stations 
consuming the most bandwidth. 

The Session Statistics Pane contains 
information about the individual sessions 
running on your network and other use¬ 
ful details. It tells you where the packets 
originate and their destinations, with a 
packet count from the originating station 
sent to the destination and vice-versa. 
This pane also lists various system 
addresses, such as the NetBIOS multicast 
and IP Broadcast addresses, so you can 
identify stations that are sending a lot of 
packets in those categories. 

Once you identify the offending station, 
you may have to take the process one step 
further and retrieve the machine name for 
the station (if the Network Monitor does 
not provide the machine name by default) 
so you can determine which user is caus¬ 
ing the traffic. You can obtain this name 
through the SMS database and determine 
whether the traffic you observe is normal 
or a potential problem. 

Buffer Review 

Statistics collection and review are only two 
of Network Monitor’s capabilities. By far, 
Frame Viewer Window is a more powerful 
feature.With it, you can review the contents 
of the packets traversing your network. 

To access the Frame Viewer Window, 
stop the Network Monitors packet collec¬ 
tion: click Stop on the toolbar and then 
View, or use the Network Monitor short¬ 
cut key (Shift+Fll) to stop and immedi¬ 
ately view the capture buffer contents. 

The Frame Viewer Window consists of 
three panes, as Screen 2 shows: the 
Summary Pane, Detail Pane, and Hex 
Pane. The Summary Pane displays a sum¬ 
mary of packets in the capture buffer. The 
Detail Pane displays the frame’s contents, 
including protocol information. The Hex 
Pane shows a hexadecimal and ASCII rep¬ 
resentation of the captured frames. 

To use the Frame Viewer Window, you 
first shuffle through the overview of frames 
in the capture buffer listed in the Summary 
Pane.The data in this pane includes a frame 
number, time of capture, source and desti- 


to transmit the frame, and a description of 
the frame’s contents. 

From the Summary Pane, identify the 
frame you want to view, and click it. The 
data in the Detail and Hex panes will 
change to reflect the frame you selected. 
The Detail Pane uses an Explorer-like, 
drill-down method for viewing capture 
data. When you select a packet from the 
Summary Pane, the Detail Pane will auto¬ 
matically show you the packet compo¬ 
nents. Each component will have a plus or 
minus symbol next to it to show whether 
you have exploded the view of that com¬ 
ponent. Each time you click an entry in 
the Summary Pane, you highlight the 
hexadecimal data the Network Monitor 
uses to decode the frame. 

For example, for a typical Ethernet 
packet, you’ll view three or more packet 
components. The first component is the 
base frame properties, the second consists 
of flags marking the packet as an Ethernet 
packet (including which Ethernet frame 
type is in use, such as 802.2 or 802.3), and 
finally the components of the particular 
protocol (FTP, DNS, etc.). When you click 
the plus symbols, you expand the individ¬ 
ual components and can view their struc¬ 
ture. Here you might discover that a TCP 
checksum or message became corrupt 
during transmission. 

The true power of the Frame Viewer 
Window is that it lets you view firsthand 
the data traversing your network. This 
feature is powerful for advanced network 
administrators who want to view the 
types of requests and data from both 
source and destination addresses. When 
you selectively target individual worksta¬ 
tions, you can inspect transmissions to 
look for telltale problems such as data 
corruption in frame headers or data 
packets. In these instances, you might 
have a physical-layer networking problem 
where an outside influence, such as elec¬ 
tromagnetic interference, is causing your 
network problem. 

Monitor Caveats 

Network Monitor’s limitations include its 
small default capture buffer and the need to 
have this capture buffer in real memory. 


es the buffer to rapidly fill up if you have a 
busy network. To change this value, choose 
Capture from the menu-bar and select 
Buffer Settings. Because the capture buffer 
must consume real, not virtual, memory 
(and thus avoid potentially losing network 
frames), keep this buffer size to a small, rea¬ 
sonable value (based on a percentage of 
your total system memory) to prevent sys¬ 
tem degradation. 

Another Network Monitor limitation 
is its ability to capture statistics only on 
the first 128 nodes it detects on the net¬ 
work. If your network has more than 
128 nodes, the network monitor will 
detect only the first 128 nodes and gener¬ 
ate statistics from them. This data might 
falsely show less activity on your network 
than you have. 

Another potential problem is segmented 
network traffic. If you segment your net¬ 
work using an Ethernet switch, the 
Network Monitor will see only packets 
that transmit over the leg of the network 
that the monitor is physically connected to. 
Again, this data might show an apparent 
decrease in the amount of traffic, especially 
if you use workgroup features on a seg¬ 
mented leg of a network where you don’t 
run the Network Monitor. To combat this 
problem and obtain more precise statistics 
on your network’s performance, install 
Monitor Agents on qualifying client 
machines on each leg of your segmented 
network.You can then interrogate and col¬ 
lect statistics from those agents with the 
centralised Network Monitor utility. 

Even with these caveats, SMS’s Network 
Monitor utility is powerful and flexible. A 
network administrator will find it helpful 
in diagnosing network problems. □ 
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$11:11 (up « 

Rest Of Australia (1-4 Days**) 

$9.95 (Up to 3KG) 

$14.95 (3KG to5KG) 

$39.95 (5KG+) 


Order by Phone Order by rax 


Corporate orders 


irder from 9am to 6pm Monday i 
riday and 10am to 3pm Saturday. 

Australia for the price of a local call 
»n 1300 360 799. Order before 5pm 



customers. If you ne 




Qty. Reference 


rrm rrm rmn rrm cm amm ; 



Orderline 1300 360 799 Order by fax 02 9700 8801 

Enquiries 02 9700 8800 internet site www.softwate-warehouse.com 






















































































Order line 1300 360 799 
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HP ScanJet 5p Colour 
Desktop scanner 


Buy Photoshop 
version 4.0..* 

ONLY 


The push button front panel launches the scanning process, an 
innovation that makes it easier than ever for first time users to 
capture images and text. 

24 bit colour/8 bit greyscale with 300 dpi optical and 1200 dpi 
enhanced resolution. 

Energy saving features for low power consumption. 

Bundled CD-Rom Containing on-line tutorial and HP AccuPage 
technology for enhanced optical character recognition. 
CD-Rom also includes PaperPort by Visioneer, which launches 
automatically during scanning and allows the user to organise, 
and copy to other applications with point-and-dick ease. 
Includes OmniPage Lite OCR Software. 


and get a Hewlett 
Packard scanner F 

'4 f i dtbjhi 


and get a Hewlett 
Packard scanner fl 


Photoshop 


Orderline 1300 360 799 Order by fax 02 9700 S801 

Enquiries 02 9700 8800 internet site www.software-warehouse.eom 
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TurboCAD VI 
Windows 

It 


<* 

EZ Language 
Version 1 
































Y* 


< gm 


Special Upgrade: 

Symantec Norton's 
Antivirus 


Bonus $lOOs 
worth of 

te high impact _ _ „ M S ^ 

R.R.P. publications in K - K - K Digital Products 

599 a few eas y steps! $119 


All prices include sales 


Microsoft 

Music Central 

•150 sound Effects S IMSI 
•full library of video 


•1,000 stunning 
Photos 

•1,000 True type fonts , 


35,000 Master Clips 


The value 
pack contains 

ms Office - 


inducing 

Microsoft 

Word 97 

Microsoft 

Excel 97 

Microsoft 

Powerpoint 

Microsoft 

Access 97 

Microsoft 

Outlook 

Bookshelf Basics 

Microsoft 

Intellimouse 

Microsoft 

Publisher 97 


World Atlas 

Microsoft 

Picture it 

Microsoft 

Money 97 

Microsoft 

Internet Explorer 

Microsoft 

Games Sampler 


EVERYTHING FOR YOUR PC- DELIVERED NATIONWIDE! 

WThe Microsoft value Pack 

■save $K)0s in a great package plus 
receive great Software Warehouse extras 


With MONEY you have 
everything you need to 
manage your 
finances and R.R.P. 
plan your future. $49 


Microsoft Office 97! 

Get organised, get „ 
connected and get r '- r '- r - 
great results fast! $499 































Multi-user accounting that's as easy as M.Y.O.B 


M.Y.O.B. 

Premier Accounting 


Orderline 1300 360 799 Order by fdx 02 9700 8801 

Enquiries 02 9700 8800 internet site www.software-warehouse.com 


IP YOU CAN PINO IT CHEAPER CALL US - WE WON'T BE BEATEN!* 


Dj 


Australia's own , 
world class 
accounting software 


000'S 


of buyers 


choose 


software 


M.Y.O.B. IS AUSTRALIA'S FAVOURITE 
USED BY OVER 90,000 BUSINESSES 

The M.Y.O.B Family of accounting software all share a common aim - make real accounting power accessible to everyone. With M.Y.O.B. you 
will get on top of your accounts fast - no need to wrestle with debits and credits. M.Y.O.B. makes it easy - simply fill out familiar forms 
(cheques look like cheques, invoices on screen look just like they do on paper). Meanwhile M.Y.O.B. maintains full double-entry journals - 
just how your accountant wants - behind the scenes! 


every month! 


M.V.O.B. FirstAccounts 

Your ideal first accounting system. M.Y.O.B. FirstAccounts makes it easy for you 
track income and expenditure, reconcile bank statements, create and print 
invoices, statements, and purchase orders, track who owes you money and who 
you owe money to. Produce Profit & Loss and other key reports with a mouse c 


M.Y.O.B. Accounting vr 


M.Y.O.B Accounting 
with payroll vr 

























internet FastFind 



pcAnywhere 32 7.5 


Easy remote access to PCs from anywhere, anytime! 




Your Eyes Only 



sYMKi Norton For Your Eyes Only 4.0 Win 95 3.5". 

SYM004 Norton For Your Eyes Only 4.0 10 User Win 95 


$129 

$995 


Par the east of , 


Orderline 1300 360 799 b n 

es Open 9am til 6pm Monday to Friday and 10am til 3om Saturday -^ ^ ^ ^ I 









































QuickBooks Pro with Payroll has Quicken for business looks and 






Orderline 1300 360 799 Order by fax 02 9700 8801 

Enquiries 02 9700 8800 internet site www.software- warehouse, com 


international 

SOFTWARE WARE 


IF YOU CAN FIND IT CHEAPEN CALL US - WE WON'T BE 


QuickBooks QuickBooks Quicken 
pro Pro with f °r _ 

Payroll Business 


The Fastest, easiest 


QuickBooks Pro 
includes everything 

in QuickBooks plus - 

time tracking. way to manage your 

estimating and job business. invoicing 

costing. - - 


Ltd 


BEATENi* 




the 


features 


Has 


all 


of 


Quicken 


Easy 











































_ WordPerfect Suite U8 

Communicate. Collaborate, connect to the Won a 


EVERYTHING FOR YOUR PC - DELIVERED NATIONWIDE! 


Toolkit for Quality Assurance 

Quality Assurance for your Business 
- ISO 9001 / ISO 9002 



10 


Orderline 1300 360 799 ^ m 

=5 Open 9am til 6pm Monday to Friday and Warn til 3pm Saturday. 1 — I L m A £ 






























i erline 1300 360 799 Order by fax 02 9700 8801 

Enquiries 02 9700 8800 internet site www.software-warehouse.com 


IF YOU CAN FIND IT CHEAPER CALL US - WE WON'T BE BEATEN!* ^ 


Business & Marketing 
Plans -The Easy 


Software 
Warehouse 
every month! 


save 50 - 90 % of the time 


to prepare a plan! 
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EVERYTH ING FOR YOUR PC - DELIVERED NATIONWIDE! 


Claris FileMaker Pro 

The easy to use relational database! 



FileMaker Pro 3.0 is the only relational database 
application designed to help you easily manage and 
share information in the real world. 

Starting with raw data, it's fast and easy, ^ 
to create working databases on the 
Macintosh, Windows 95, Windows NT, or 
Windows 3.1. 

In fact, Filemaker Pro comes with a 
complete set of professionally designed 
templates for instant business, education 
and home solutions. When you're ready ti 
customise your 
database, 

FileMaker Pro 
has a set of 
powerful, yet 
extraordinarily 
easy-to-use tools 
that will take 
you well beyond 

standardised 
wizards and 
other assistance 
technologies 

leave you. Create stunning input screens, reports, labels and 
mail merge letters in a flash. Automate frequently-used 


Claris FileMaker Pro 


procedures and sequences - and much more. You don't have to become a 
database expert in order to take advantage of FileMaker Pro software's 
full potential! Nothing makes it easier to organise all your vital 
^information and put it at your fingertips. 

(Users of FileMaker Pro 3.0 can now employ text 
“■ulers (inches, centimetres or pixels), tabs, 



Runs on 
Windows 3. 
Windows 9s 
Windows ht 


CLARIS' 


64,000 characters in any formatted fields. 


maries to many levels of detail. 


c File Sharing - Convert your databa 


he Picture/Sound field type hai 


"We have listened closely to our customers in the Windows 
■er community, especially those within large corporations, small 
business and even home settings in providing a 
version of FileMaker Pro that can be used within many 
Windows environments". 

Patrick Maloney, Managing Director, 

Australia and New Zealand, Claris International 

Claris Corporation is a leading worldwide vendor of Windows 
and Macintosh applications for business, education and home 


$119 


For Che cost of 
o foeof caff 

Sales Lines Open i 


Or tier line 1300 360 799 a 

9am til 6pm Monday to Friday and 10am til 3Dm Saturday '— » 












































IF YOU CAN FIND IT CHEAPER CALL US - WE I 


I T BE BEATEN!* 


Claris Home Page 2.0 


The essential web page 


ClarisWorks Office 4.0, the easy and reliable office productivity suite, featuring software 
solutions for accessing the Internet and includes all the office tools you have come to 
expect. ClarisWorks Office 4.0 Internet Edition empowers small businesses to manage 
everything from invoices and business letters to setting up a Web page without expensive 
technical consultants and without headaches. 

Easy on tamp to the internet: 

For the many small business users who recognise the importance of Internet access but are put off by 
the technology, this special edition of ClarisWorks Office 4.0 provides a complete solution. 

ClarisWorks Office 4.0 - Internet Edition software includes platform-specific solutions for easy Internet 
access. To get you accessing the Internet ClarisWorks comes with a selection of Internet connection 
software from leading Internet Service Providers, along with Netscape navigator for Windows 95 users. 
For finding information on the Web included is The ABC's of the Internet and the Internet Yellow Pages 
book on CD-ROM, and Claris Home Page 2.0, the next generation of the web authoring tool that lets 
users build dynamic web pages in minutes. 

For the Office: 

ClarisWorks Office is a streamlined package which 
offers the right mix for the home & office & includes: 

• Word processing • Database • Spreadsheets 

• Drawing tools* Graphics features 

imisable documents designed 
istantly create professional quality 
tases, manage mailings, budgets and 
ris Works documents for managing 


Claris Home Page 2.0 Features 

One-Button Site Publishing 


authoring tool! 


CLARIS 


ClarisWorks Office 
4.0 internet Edition 
































IBM VoiceType Simply Speaking 
for Windows 95 & NT 

IBM's new dictation software, VoiceType Simply Speaking, is for anyone who would rather talk 
than type. Imagine sitting in front of your computer and simply saying what you would normally type. 

Just plug in the headset microphone, which is included in the box, complete the easy installation process 
and start using your computer in a new, fun and productive way. 

VoiceType Simply Speaking uses IBM's award winning VoiceType speech recognition technology 
and is the result of more than two decades of IBM research and development expertise. This means that 
every component of the program has been developed and tested to the highest industry standards. 

VoiceType Simply Speaking works on desktop and mobile computers and is ideal for students, 
home computer users and small offices. It requires Windows 95, and a Pentium 100 MHz computer with 
16 MB RAM, 38 MB of free hard disk space, a double speed CD-ROM drive, and a SoundBlaster 16 or 

Now virtually anyone can start talking to their computer with IBM VoiceType Simply Speaking - it's fun, 


* Dictate e-mail * Reports 

* Complete Essays, theses, reports and more! * Essays and assignments 

* "Simply speak" lesson plans, lectures and speeches 

• Typical accuracy of over 95% after optional enrolment 

• VoiceType Simply Speaking learns as you use it, steadily increasing in accuracy 

• Recognises 'discrete' speech (speaking with a slight pause between words) at speeds of 70-100 words 





• Includes a vocabulary of 30,000 UK English 

• Dictate with your hands and eyes free 

• Full audio playback of your dictation if req 


II prices INCLUDE s 


or 27,000 additional words 


Orderline 1300 360 799 


























Orderline 1300 360 799 Order by fax 02 9700 8801 

Enquiries 02 9700 8800 internet site www.software- warehouse.com 

























NTERNATIONAL 


EVERYTHING FOR YOUR PC - DELIVERED NATIONWIDE! 


FormTool '97 

Quickly and easily create 
professional forms 

form. With its powerful and 
>nal looking forms and saving 

FormTool 97 is the easiest and fastest way to automate any form. Form' 

you can add lines, circles, check boxes, pictures, text and more in colour. Included in this 
package are over 400 professionally created form templates: Invoices, purchased orders, 
expenses, reports and many other commonly used forms! Customize any form with your log 
and address In minutes. Your whole entire office can access and fill out forms over your 
network. And to get your office started, we’ve included a 3-user form-filler license. Then you 
can use FormTool’s e-mail ready "Sign and Send" feature to electronically route your approval. 
Top Features 

* New networking features include: Electronically send the form to a group of people via 

data to the layout and field level with password control. 

* FormTool 97 allow users to store, sort, and create reports with the nei 
relational database feature. Access data directly from any X-Base com 
format, Dbase III or IV. 

* Easy form design or customize your choice of over 400 pre-designed forms. § 

' ' ” *' * a FormTool form a 


F0RMT00L7 



Create, Fills 
Route Any Form 
Electronically 


te Filler module all 
a network for filling as w 
* Familiar Microsoft Office 
all user standard MS nam 
recognizable. 


IMS022 FormTool 97. 

1MS049 FormTool 97, 5 user. 

iMsoso FormTool 97, 15-49 user .... 

imsosi FormTool 97, 50-99 user. 

IMS 052 FormTool 97, 5 100 +user.. 


ig toolbars 


. $129 

$419.95 

$C3each 

$50.50each 

$37.80 each 



■ Includes 400 professionally created templates applications 
• Send & Sign Feature 


E9ND0WS 


a 



Net Accelerator 

Co tzx caster on the Internet! 

NetAccelerator speeds you through more of your favourite pages by maximising the efficiency of 
you modem, browser and telephone line. Whenever you pause to view a site, NetAccelerator 
stays busy behind the scenes seeking out available links and downloading the related graphics 
and text. When you choose a link, the downloadable page appears instantly. 

NetAccelerator adds the efficiency you need to get the most from your time Online. 

NetAccelerator speeds you Internet Explorer or Netscape web browsing by using the idle time of 
your modem, intelligently load web pages in the background. Whenever you pause to view a 
site, NetAccelerator stays busy behind the scenes seeking out available links and downloading 
related graphics and text. When you choose a link, pictures and text appear instantly! Users will 
benefit by having faster access to web pages without any special hardware. 

NetAccelerator works with standard modems, ISDN and direct network connections. 


includes internet FastFind 
from Symantec. A suite of 
powerful search utilities 
for the internet. 


• Look-ahead catching including graphics 

• Intelligent caching, utilising the built-in caching support fo 

• Automatic updates from the web 

• Support for both Netscape and Internet Explorer on the sai 
(including multiple instances) 

• 32 bit only 

• Small installation size (2.0 MB) 

• Support for Netscape 2.0 and higher Internet Explorer 3.0 < 



go12x 

FASTER 

ONTHE —. 

internet! 

Accelerator 

With Powerful Utilities to Make the 
Most of Your Internet Connection 


>21 NetAccelerator.. 


$49 


EStndows 

1995 WIN 1 OO 


e 3 for terms & conditions. 


Order line 1300 360 799 
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NATIONAL 


: YOU CAM FIND IT CHEAPER CALL US - WE WON'T BE BEATEN!* 


Business Planner helps 
businesses construct Business 
Plans. 



Marketing anti 
Sales Planner 


Orderiine 1300 360 799 Order by fax 02 9700 8801 

Enquiries 02 9700 8800 internet site www.software-warehouse.com 







































































EVERYTHING FOR VOUR PC - DELIVER ED NATIONWIDE! 1 

interactive 
Multimedia Training 

Training for the Office or Home 

Viacrafix CD-ROM Interactive Series 






lowing different subjects within the related chapt 

There's a huge range of tutorials available for 
Windows, MS Office 95/97, Internet and most other 
software at all levels - just ask if it's not advertised. 

vgfooi Word 95 - Introduction 
VGF002 Windows 95 - Secrets & Timesavers 
VGFM3 Outlook 97 - Scheduling 
vgfom World Wide Web - Learning 
vgfoos PowerPoint 97 - Introduction 
VGF006 Access 97 - Introduction 
vgfooj Windows NT messaging - Introduction 
vgfoos PC Viruses -Understanding & Protection Introduction 
vgfoos Publisher 97 
vgfoio Front Page 97 

All Viagrnfix Interactive Titles 




The Complete 
idiot's Guides 




MICROSOFT 

WINDOWS NT 

WINDOWS 95 

ACCESS 97 

WORD 97 




aSSST" 



ste Tve^iewof Window* 


Database Wizards and much 
of°databases, t^Corrfplete 


presents all the information 

SSSsusers 



ESSrr 

r,rr d,nanapproach 

Windows NT 4.0 has to offer. 

SHH^- 9the 

i| 

1 


iokioi MS Frontpage 97 ..$24 95 

,0,002 WindowsNT .$24“ 

,0,003 Windows 95 .$24“ 

,0,000 ACCOSS97 .$24“ 

,0,003 word 97 .$24“ 


18 wBmOKBeamB 1300 360 799 
































Orderline 1300 300 799 order by fax 02 9700 8801 

Enquiries 02 9700 8800 internet site www.software-warehouse.com 


- WE WON'T BE BEATEN!* 

windows 
DRAWS 
Graphics & 
Print Studio 

Windows DRAW - by far the best value in 
graphics for the home and small office 
computer user. 


Vi 


small Business 
Graphics & \A 
print Studio 


All the tools needed to 
make small businesses 
look bigger and better! 


| IE YOU CAN FIND IT CHEAPER CALL US 

CreataCard 

Over 3.000 cards you can personalize and print! 


Simply SD2 

Outrageously easy 3D graphics and animation! 

Simply 3D2 gives any user 
a powerful 3D and 
animation product packed 
full of functionality. 

This revolutionary new 3D and animation 
product has been designed to enable anyone to 
instantly add stunning 3D graphics and 

Web pages. 

Its real-time modeling, drag and drop^ 

Internet support through VRML2 an 


























S79’ 


Master Graphics Converter 


S79 9s 


Master Graphics 
Conuerter 


World's largest and best Clip art 
collection ever! 


With Masterdips 150.000 you'll find all the images you need to 
greeting cards ,web pages, multimedia presentations, signs, bar,,,*,, „„„ „ lu[ „, muc 
collection of dazzling clip art. spectacular MasterPhotos, True Type fonts, lively web 
captivating video clips. It's easy to perfect any design using MasterClips150,000! 

Why MasterClips is the Premium Image Collection! 

With MasterClips 150,000 you'll get an incredible collection that includes all the clip art, photos, fonts 


intiem 

Category Page 
Product Listing 2 
Introduction 3 


RP »9 


$79 9s 


MSI 


4 » prices include s 


Or tier line 1300 360 799 u ra ; 

n 9am til 6pm Monday to Friday and 10am til 3pm Saturday. I — —I - -4' I 












































Floor Plan Mil 
3D Deluxe 

Design your complete home, office or garden 
quickly and easily with Floor 3D Deluxe. 


TurboCAD ua.o 

Professional HflKII 


IF YOU CAN FIND IT CHEAPER CALL US - WE WON’T BE BEATEN!* 


TurbOCAD V4! 


$099 


TurboCAD I ra continues to be 
the leading value in desktop 
CAD for the CAD hobbyist, 
home user or occasional 
professional user. 


SSgtNDOTO 


MSI 


195 


Orderl'me 1300 360 799 Order by fax 02 9700 8801 

Enquiries 02 9700 8800 internet site www.software-warehouse.com 






































22 sSSOh deHme 1300 360 799 mzm [3 

Sales Lines Open 9am til 6pm Monday to Friday and 10am til 3pm Saturday. 





























































PaintshopPro 
- More than just 


Pty. Ltd. 


IF YOU CAN FIND IT CHEAPER CALL US - 




Adobe 

Pagemaker 6.5 


^ U 

with every 


$979 

$199 


Adobe 
illustrator 
version 7.0 

Simply the finest 
illustration software 


Adobe PageMaker 6.5 

303i Adobe Pagemaker 6.5 (Win). 

je Pagemaker 5.0 U/G (Win). 

Adobe 

Photoshop 4.0 

a camera for your mind 

reate original artwork, correct colour, retouch 
nages and prepare professional quality 

8* Adobe Photoshop 4.0 flexibilty than ever before. 

■jo Adobe Photoshop 4.0. 

s Adobe Photoshop 4.0 U/G. . $299 

Adobe 
Acrobat 3.0 

The fastest way to publish 
any document online 


w 

adoo 47 Adobe Illustrator 7.0 (Win)_ 

adoo 54 Adobe Illustrator 7.0 U/G (Win). 

$729 

$198 

Adobe Acrobat 10 

AD0029 Adobe Acrobat 3.01 

Create & share documents across platforms 

Win). $299 

Adobe 

AD0061 Adobe Illustrator 7.0 U/G (Mac)_ 

$209 

adoo 45 Adobe Acrobat 3.0 U/G (Win). $ 109 


Orderline 1300 360 799 order by fax 02 9700 8801 

Enquiries 02 9700 8800 internet site www.software-warehouse.com 































Orderline 1300 360 799 B 


EVERYTHING FOR YOUR PC - DELIVERED NATIONWIDE! 


visio Standard 5.0 


The smartest way to create 
all your business diagrams 

With Visio you can easily create any kind of business diagram - 
everything from timelines to network diagrams to office layouts. 


Technical 

Create ana share 


For the it experts! 


Diagrams for all 
business users 

is designed to help increase th* 

them to easily communk 
and flow, reporting 
Visio Standar 


$299 £479 

.$3849 STOCK CODE: VIS107 


$299 $479 

mm Visio Professional 10 user license pack ..$3849 STOCK COOS: VISIOS 


















































IF YOU CAN FIND IT CHEAPER CALL US - WE WON’T BE BEATEN!* JtKKi. 


Print & 


DRAW 7 


even month! 


Productivity, 
power & precision! 


Exceed the boundaries of traditional design 
with CorelDRAW 7. Created for the 
professional illustrator, graphic artist and 
desktop publisher, CorelDRAW 7 leaps 
ahead, capitalising on its strengths and 
giving you even more 


$379 


V Corel Print & Photo House 

Jjl^J JBpf offers a comprehensive set 

°f powerful drawing and 

■ Mlllltol | photo-editing tools perfect 

for your home office or 
small business projects. 

With a full library of clipart images, ready-to-print sample files, 
photos, phrases, and fonts, creating professional-looking projects I 
is easy. The fully customisable design tools are complemented by 
an intuitive interface to help you achieve the original look you 
want. Use the Notebook, a handy on-screen help feature, to 
guide you through tasks. Both novices and experts alike can 
design unique and personalised greeting cards, stationery, 
banners, certificates, business forms, signs, recipe cards, 
calendars, photo album pages and more, in a few simple steps. 

comm Corel Print & Photohouse ... 


Graphics 
Explosion 
Deluxe edition 

Create stunning presentation, stationary, advertising 

This exciting 5 CD Pack contains all you need to create 
stunning professional-looking designs ideal for the 
Professional, home & small office. 

Just take a look at what is included: 


DocuMayix 

PaperMaster 

Put a real file cabinet inside your PC! 






\ PaperMasteii,W e 


s amazing AutoSearch capability that 
lows you to find by title text, 





Orderline 1300 360 799 Order by fax 02 9700 8801 
Enquiries 02 9700 8800 Internet site www.software-warehouse.com 




























EVERYTHING FOR YOUR PC - DELIVERED NATIONWIDE! 


The wot Id's No. f best selling 
communications software is 
the only complete solution to 
access all your PC communications 


Whether you're cruising the Internet, sending or receiving a fax, or 
downloading a file from the office, Procomm Plus 95 has everything 
you need to communicate via your PC. Pax, Internet and Data 
functions are seamlessly integrated into one intuitive interface. The 
quickest most reliable way to get the most from being connected. 
Procomm Plus 95 allows you to work at your computer the way you 
want to, moving from one activity toy the next with ease. Procomm 
Plus 95 also boasts the new feature Procomm Remote which allows 
you to connect from anywhere to control your office or home PC files 
and applications as if you were sitting there. Remote control is also a 
great way to read and send e-mail, Share applications and files 
between your laptop and desktop. 

WHAT THE PRESS ARE SAVING 

"...read all the review to appreciate the magnificence 
of the product" 

"...easy to operate, a dream to install" 

Micro Computer Mart 



QEMM 97 ^7 

Get more from your memory 
- Load applications faster 

With the new QEMM 97 you get the most from your memory for Windows 95, 
Windows 3.1 and DOS! 



QEMM 97 picks up where Windows 95's memory management leaves off, loading 32-bit 
application up to 60% faster and dynamically reclaiming under-used memory, resulting in snappier 
application performance. 

QEMM 97 automatically analyses your system and configures itself for top performance. By 
making memory usage under Windows 95 more efficient you can also run more applications at the 
same time. DOS applications, especially games can now run seamlessly from the Windows 95 
desktop with full memory enhancing benefits of QEMM 97. 

QEMM 97 now includes Update-lt for automatic updates over the Internet, guaranteeing you 


FEATURES 

• Always the 


I DOS. 


I major awards, QEMM 97 brings a decade of know-how to 
olutely the best integrated set of memory management tools for 

Designed for 


• Makes windows 95 more efficient - run more applications at 
the same time 

• DOS aplications especially games can now run seamlessly fron 
the Win 95 desktop. 

• Over 4 million copies sold and major awards 


QEMM 97 


$99 



Unleash the 
full power 
of your 
Ik memory! 


For the cost of 

II 

Open 9am til 6pm 


Orderline 1300 360 799 


y to Friday and Warn til 3pm Saturday. 


























IF YOU CAN FIND IT CHEAPER CALL US - WE WON’T BE BEATEN!* 

Essential Utilities 97 

4 in 1 software Bundle 


CleanSweep 3.0 

The world's leading uninstaller 


Whisk away unwanted files and get better perft 


$135 


Partition-lt 

The essential hard drive 


Upaate-it 


rs 

Safety sweep "green lights" 
those files that are safe for you 
to remove 


I GeanSweep can automatically I 
update itself over the Internet, I 
so you'll always have the mostB 
up-to-date application I 
knowledge base 


Orderline 1300 360 799 Order by fox 02 9700 8801 
Enquiries 02 9700 8800 internet site www.softwure-wurehouse.com 


27 

























vS«i r 


$35 


$65 


* Orderiine 1300 360 799 M R 


EVERYTHING FOR YOUR PC - DELIVERED NATIONWIDE! 


system 

recovery 

First time.Every time . 
Guaranteed! 


Doublezip 

Get more stuff into and out 
of your zip disks! 

At first 100MB Zip disks seem like all you'll never need. But file sizes quickly 
expand to the available storage space and you find yourself wanting even 
bigger storage. DoubleZIP 97 


imageCommander 


imageRobot 


image Pile Format 
Batch Conversion 


Jasc ImageCommander is a quick and easy 
to use graphics viewer. 


Sales Lines Open 9am til 6pm Monday to Friday and 10am til 3pm Saturday. 



































IF YOU CAN FIND IT C 


? CALL US - WE WON'T £ 


EHBEBHSa 


Antivirus 


Automatic Virus Elimination 


MMfUS 


Virus Protection From; 

• Internet Downloads 

• Floppy Disks, 

• Email 

• Shared files 

• Networks 

• Macro . 


WO% Detection & Removal 




ac seen 


AS a*'* 
Off TM 


why 
of buyers 


software 


Supports Windows 95, 
Windows NT, 
Windows 3.0 
and DOS 

Free Updates 
Online 

Norton Antivirus 95 


Norton Utilities PC Handwnan 



Over is Million users 


world Wide. 


• Protects you against 
software conflicts, 
Windows problems lost 
files,PC crashes, screen 
Freezes and more 

> Stops computer viruses 
before they damage your 
computer 

• lets you customize 
Windows 95 

• Monitors your favourite 
Web sites 

• Automatically downloads 
software updates and 
patches 


"Computer Problems 
solved - automatically" 



Order line 1300 300 799 Order by fax 02 9700 8B01 

Enquiries 02 9700 8800 internet site www.software-warehouse.com 




























» Protect Against GPFs 

■ Improve Stability 

■ Prevent Loss of Data 

■ Windows 95 and 3.1x 


Index 


• Australian Business 
Software of the Year 


flEHOUS 


Order line 1300 360 799 ^ [=] 


EVERVTHINC FOR YOUR PC ■ DELIVERED NATIONWIDE! 


The Ultimate 


Windows crash protection 


STOP WINDOWS FROM 
CRASHING!!! WITH 
RAM GATE! 


Have vou Ever Been 
Annoyed by any of 
these Error Messages 
on your PC? 


..then you need 











































































IF YOU CAN FIND IT CHEAPER CALL US - WE WON'T BE BEATEN!* 


RamCate Deluxe 

Place a protective shell around your applications 


How 1 


: Works: 


WINDOWS 

CRASH 

PROTECTION 


stop problems before they occur 


Fig. 1 


App 1 App 2 App 3 App 4 App 5 


App 1 App 2 App 3 App 4 App 5 


App 1 App 2 App 3 App 4 App 5 


RamGate will pack the memory heap, ensuring that the 

With RamGate Deluxe you nominate which applications are mission critical so as 
RamGate Deluxe will pack the memory heap each time a Deluxe configured applic 
launched. Secondly, Deluxe builds a small buffer zone into the applications request 
memory and resources. It achieved this by intercepting the applicati 

resources request and then adds a- 11 -"*™ *" Th “ * ,tar * 

buffer zone creates a protective sh 
of many more files. This further rer 
GPFs. The buffer Zones or protectiv 
between the applications in the memory nea 

\Re-booting Windows does not clean up the 
due to highly complex Windows startup rout 
fragmented between Windows sessions until 


RamGate Deluxe Testimonials 

"This product deserves special mention for a number of reasons. It's an Au ^ l ^"P r °*J uct ' 

received by users and testers and it worics in a completely different way to RAM Doublers with which it is often 

confused in popular perception". 

"An^AusbaMan^fhn/aie company has managed to do what Bill Gates can't do with his Windows operating systems". 

"Ramgate doesfor the windoes resource stacks what a defragmenting utility does for the Hard Disk". 

j -PC UserJanuery 1997 


II prices INCLUDE sales tax. Prices subject to change, a 


orderline 1300 300 799 Order by fox 02 9700 8801 31 

Enquiries 02 9700 8800 internet site www.software-warehouse.com 






























your pc hets ever 
ashed, you win 
know why you need 


EVERYTHING FOR YOUR PC - DELIVERED NATIONWIDE! 


Features 


f Fixes 
Windows 
Problems 
Automatically! 


CyberMedia 


First 


Aid 97 Deluxe 


First Aid £ 


For the cost of J 
a local call 

Sales Lines Open 9a 


Orderline 1300 360 799 s pq 

9am til 6pm Monday to Friday and 10am til 3pm Saturday. . 1 ^ ^ ^ I 





































N T E R N A T 



update your software 
automatically over the internet 

New software updates and hardware drives are being released on the Internet every day, desigr 
fix bugs, improve performance and add great new features to your PC. And most of them are ~ 

You can keep your PC running smoothly if only you could get these updates, but how do you 
you have installed the updates | ' ~ 

How does it work? 

1) Oil Change identifies all the installed softwaree applications and hardware drives on your PC 

2) Oil Change then checks with CyberMedia's master list of new updates and drivers that are currently 
available on the Internet and gives you helpful de 
benfit each update will provide 

3) You then select only the upodates you want Oil Change dc 
software automatically 

It's Easy and Risk Free 

Oil Change saves a backup of everything it changes so you can always undo your last update. One 
and your PC's original set-up is restored. 

Here"s what Top PC mechanics are saying: 

"Could be the most significant program to hit your hard 
disk in many a moon" 

- Netguide 

'The most advanced on-line tune up" 

-CNET Television 

"(with this) digital oil change.... you have not just software 
but living software" 

- Chiptalk KNX Radio 

"Oil Change ensures your computer is running the newest 
software... it doesn't get any easier than that." 


New uninstaller a.s tor windows 


Nationwide 

Delivery 



Orderline 1300 360 799 Order by fax 02 9700 8901 

Enquiries 02 9700 8800 internet site www.software-warehouse.com 
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vet antivirus 

automatic virus Protection 
For nii Platforms 
Essentia! Protection 


Internet, intranets, networks, E^natl,-shared disks an< 

Virus Pf 

VET Anti-Vir 


enable viruses to spread. 

for vour Sysem 

system, whether it 


or a complex network of PCis in an organisation. (Ser 
vailable - please a& for information) 
rotection provides automatic virus protection and removal: 
ch time it is switched on or rebooted; it checks alt files asy 
mg|n infected file or disk; it provides iytomatk 
le to effectively clean files infected byJMjof the i 
jet; used on hundreds of thousands of PCis in mi 

istalled in many universities, government departments, cor,-, 

susersi PCs VET is regularly evaluatedby independent orgar 
ne top ten worldwide 

vet workstation Protection 

sy, the VET wjfksation box contamsv&sions for Windows NT 
ich operating s. 

more than a product - it is a service as well. All registered users receive free quarterly upgr 
for the duration of their licence and free unlimited phone support for the same period. 

FEATURES 

• Automatic Virus Protection • Internet and Email Protection 

• Total Macro Virus Sol 


95, 3.1 


The Top antivirus Package! 

Every major magazine that has reviewed PC-cillin has rated it the UK's top virus software for Windows 9 
and the Internet. It is the most effective virus protection you can get - don’t download without it! 
















What would you do if you lost all your 
data...right now? 



Data recovery for every Windows 95, Windows, and DOS user. 

Rescue Data Recovery Software gives you added peace of mind 
and handles the greatest concerns of all PC users; drive crashes 
and data loss! Through its automated procedures and patented 
"smart" recovery technology, RESCUE helps you to recover one of 
your most precious possessions; your computer stored 
information, graphics and data. 

Be Prepared... 


When disaster strikes re, 
users. RESCUE is so simp 
start recovering their ov 




y software for Windows and DOS 


itely no technical experti 


Your insurance Against Data Loss 

data is secure. Nothing can stop your hard drive from crashing when its time is due, but Rl 
an insurance policy, gives you the peace of mind and the security of knowing your data is 
available when you need it. Having RESCUE gives you the additional protection your data 

rescue Gets vour Data Back, Fast 

Other recovery programs require that you first fix the damage causec 

consuming and even runs the risk of further data loss. 

With RESCUE'S patented recovery technology you'll automatically and 
crash to quickly retrieve your valuable data. 

Prevent Lost Time, Lost work 

ig your lost work from ! 


costly. Imagine sitting at 
before and then having to re-enter it into your co 
Instead of agonising for countless hours in front o 
for you and recover all your Windows and DOS fil 
databases, graphics, games, deleted or erased file. 

Easy to use: 

RESCUE is the mo 

routing the recovery actions nec 


work that was completed weeks 
a gruesome task at best! 
rmputer, let RESCUE d 
ing: word processing, spreads 
;n data from compressed driv 


te, data recovery software in the market today. It 

iding, RESCUE operates independantly and 
iary to retrieve data from crashed hard drives and 


the past general failure messages left you few options. Norton, Central Point or 
Mace Utilities weren't likely to help.... Now there is a better solution ... RESCUE can 
recover data from all but the most thoroughly trashed disk... RESCUE works miracles..." 
Infoworld 

"RESCUE is a real life saver" 

Mobile Office Magazine 
"RESCUE goes further and recovers data ev 
physically damaged by holes or scratches" 

Personal Computer Magazine 

"If you're familiar with the message "error reading drive,Abort, Retry, Fail?" then you 
know that sinking feeling> RESCUE can now render that message meaningless!" 

CFO Magazine 



in if it is corrupted or if the disk is 



new Features... 

• Fully automatic data recovery 
for hard drives and floppies 

• Works on compressed drives 

• Works on deleted files 

• Fast, easy, safe 


OrdeHme 1300 360 799 
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IF YOU CAN FIND IT CHEAPER CALL US - WE WON'T BE BEATENI* « 


ReachOut - Remote Access 

Reach Any PC. Prom Everywhere. Everyway 

to files, data, or application from your PC? It's easy with the award winning ReachOut 7.0 from Stac. ReachOut 
note access from, and to virtually any PC running Windows NT, Windows 95, Windows 3.1, or DOS. 
irs workers, business travelers, telecommuters, home office workers, mobile executives, road warriors, and held desk personnel. Access all files, 
and databases. Ideal for sending and retrieving important files, editing documents, updating spreadsheets, chatting, or helping remote users. 

im everywhere you want to be, Stac's ReachOut 7 provides secure remote access to all files, applications, 
d databases back on your office PC your network, or any PC you are designated to access. 

)n't have ReachOut with you? No problem! Simply log onto the 
ternet, use a leading browser to download a ReachOut 
sssport Plug-in or ActiveX, and within seconds you’ll be 
directly controlling your office PC. 





exceptional password, callback, IntruderGard lockout, 
encryption, and virus checking procedures. ReachOut also 
offers automatic installation, connection wizards and scripl 
simple drag and drop file transfer. 

ReachOut is so fast that using it is just like sitting in front of your desktop and with ReachOut 
Passport you can remotely access your Internet connected PC using popular web browsers with 
lighting speed. There's no need to even take ReachOut with you. 

ReachOut is a proven winner - outdistancing all 
other brands in "Choice", "Best", "Recommended", 
and "First” awards 
from major computer 



Stac 

nmsa 


zetaFax 5.0 

Fax Software for 
PC Networks 


CD-Quickshare 




Orderline 1300 ZOO 799 Order by fax 02 9700 8801 

Enquiries 02 9700 8800 Internet site www.software-warehouse.com 






















Make this your First Choice for Windows 95 Add-Ons" 


'..an essential tool!" 


| EVERYTHING FOR YOUR PC - DELIVERED NATIONWIDE! 


Quick View Plus 

it. See it. use it. Print it 


me UnMlievabty Useful Utility for Windows 95/Windows NT 
















































How good is your virus protection? 


... An essential anti-virus utility toolkit providing reliable protection, 
detection and disinfection! 


Multiple detection t 

include unique heuristic and decryption engines to detect ei 
new and unknown viruses! 

Easily installed and fully configurable - 

Set protection levels to suit your own needs! 


IF YOU CAN FIND IT CHEAPER CALL US - WE WON'T BE BEATEN!* 


THUNDERS VTE-Anti 


virus 


Stay one step ahead of computer viruses 

The minds that dream up viruses are ceaselessly attempting to develop new methods of breaking 
through existing security. To guarantee sufficient protection, most producers of anti-virus software 
issue quarterly or half-yearly subscriptions for updates. ThunderBYTE's tools and techniques have 
rendered this approach obsolete. Thanks to their revolutionary heuristic analyses and generic 
decryption techniques, the ThunderBYTE anti virus utilities are always one step ahead of the virus 


Ahead of the Competition 

The ThunderBYTE development team is always one step ahead of the competition when it 

•nacro virus family. ThunderBYTE is one of the few scanners able to understand the 0LE2 
format of Microsoft software like MSWord, MSEcxel. This means full detection capability 
Macroviruses, even encrypted onesl The ThunderBYTE development team has even 
developed a revolutionary macrocleaning utility, which enables all users to quickly and 


Windows 95/97, 
Windows 3.lx and 
DOS compatible 


Orderline 1300 360 799 Order by fax 02 9700 8801 
enquiries 02 9700 8800 internet site www.software-warehouse.com 
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a local call WlIC 

Sales Lines Open 9am til 6pm Monda 


Orderline 1300 360 799 
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IF YOU CAN FIND IT CHEAPi 

CHEYENNE ARCserve 6 


ARCserve 6 delivers unsurpassed data integrity by comt 
product line, with the industry's most advanced data r€ 
can benefit from ARCserve's superb ability to seamless! 
record-breaking processing speeds, ARCserve 6 can red 
knowing that the data on your heterogeneous environ 
ARCserve 6 supports not only DOS, OS/2 and Windows 
UNIX. Macintosh, Windows NT, Windows 95 workstatic 
Ease of Use: - With its improved Windows 95-like interface 
makes backing up your data easier than ever. 
Manageability:- Central! 


Integration:- ARCserve 6 is fully NDS-compliant and NetWar 
NetWare 4.x application. With just one log-in and one vievy 
resources on the network. ARCserve 6 allows you 
individual objects for backup and restore. 



CHEYElSNE InoeuLAN For 
windows NT or NetWare 

InoeuLAN is the leading anti-virus solution for Windows NT or NetWare 3.x and 4.x servers, offering unmatched 
enterprise management and virus protection. Exclusive features of InoeuLAN include Real-Time Cure, Universal 
Manager, Virus Wall, Virus Quarantine, Hands-Free Updates, Extensive Alerting options, Support for Windows NT 
and virus protection for Internet downloads and e-mail attachments. 

InoeuLAN is certified by the NCSA to detect 100% of viruses in the wild, carries the "Designed for BackOffice" logo 
from Microsoft and has won the Editor\155s Choice from Windows NT magazine in both 1995 and 1996. Ideal for 
Windows NT (Intel, Alpha, PowerPC, MIPS) and NetWare enterprises, InoeuLAN is fully integrated with separate 
Cheyenne Anti-Virus clients for Windows NT, Windows 95, Windows 3.x, DOS and Macintosh Workstations. 




CHEM2 InoeuLAN (Netware). 


$099 


CHE043 InoeuLAN (NT).. 


e page 3 for ft 


$999 


Orderline 1300 360 799 Order by fax 02 9700 8801 

Enquiries 02 9700 8800 internet site www.software-warehouse.com 
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6020i/6020es/6020ep 


IF YOU CAN FIND IT CHEAPER CALL US - WE WON’T BE BEATEN!* 

HP SureStore co-writer 


Make your own CDs! 

• Organize, distribute and archive 
your files 

• Ideal for multimedia 

• Store up to 650 Megabytes of 
data or 74 minutes of audio 


ortfevf 


Microsoft - 
Windows'95 

155 HP 6020i (Int) . . $729 

i» HP 6020es (Ext SCSI) . $879 

157 HP 6020ep (Ext parrallel). . $879 

an Writable CD (5 pack). . SAS 


WARMING BUMMIMC PC GAMES OH 

RIGHTEOUS 30 


$369 


Upgrading & Repairing PC's. . $89 

Upgrading & Repairing PCs (Hard Cover)... $109 








































































sound! Blaster awmsa value 


of buyers 

choose 

Software 


IF YOU CAN FIND IT CHEAPER CALL US - WE WON’T BE BEATEN!* 



video Blaster Multimedia internet Toolkit (VBIESOO) 
Creative Compact video Conferencing CCD camera 



m 

eesff 


Sound Blaster Home CD 16/16X 
Multimedia Upgrade Kit 


Sound Blaster value CD 16/16X 
Multimedia Upgrade Kit 



subject to change, see page Z for terms & 


Orderline 1300 360 799 Order by fax 02 9700 8801 
Enquiries 02 9700 8800 internet site www.software-warehouse.com 
























7T - A miracle in sound! 

**re you missing quality sound from your PCI 
JS JAZZ J-IOO 



N T E 


A T 


O N A L 


EVERYTHING FOR YOUR PC - DELIVERED NATIONWIDE! 


JS JAZZ J-300 
Hipster 



P.M.P.O. 100W 


Hipster J-300. 



$99 


$69 


J-900 Jgijr 

f/ Q\ > JS JAZZ 

Peak Music Power 

Output: 


Cone 

Directivity:Unidirectional 

Controls: Power, ON/OFF, ^ " Mg 

High SensiSvityz-70dB KHz 

§r”£T ^ 



^ VokTRecognition Approved 

wowoo4 Jazz Hipster J-900. $119 

WOWM6 Jazz Hipster S-123. 
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EVERYTHING FOR YOUR PC - DELIVERED NAT IONWIDeT] 


mi rout DEO 
DC 30 


MecUaStudio 

Pro 5.0 


mirovtDEO 
DC to 


Professional studio quality 
nonlinear digital video and 
audio editing system. 



iakiio Miro Video DC30 ... $1789 



$679 


MediaStudio Pro 5.0 Today's 
most complete and 
powerful desktop video 
editing solution. 


Illead 

Systems 


Easy-to-use personal 
desktop video editing 
system for high-quality 
home videos. 


I fitieooirector Studio 200 



































pie extra 

innovating in Onto 
storage media 

One cartridge fits all QIC-80, QIC-Wide and 
Travan™ drives. Delivers over 25% higher 
capacity thanTravan™ equivalent. Higher 
capacities than all othewr media, keeps the costs 
per MByte to a minimum. Fully pre-formatted & 
approved by QIC and all drive manufacturers. 


IF YOU CAN FIND IT CHEAPER CALL US - 


■ WON'T BE BEATEN!* 


ero24DC2120 EXTRA 400/800MB... $ 49 * 

ermsTRI-extra 500MB/1GB .... $55 

ER044MC3020 EXTRA 1.6/3.2GB... 
ermeTR-3 EXTRA 2.2/4.4GB. 


$60 

$65 Verbatim 


DAT 4mm 

DL90M 1.3GB Tape Cartridge. $15 

DL120M 4GB Tape Cartridge.. $32 

DAT 8mm 

vero 56 DL112M 2.3GB Tape Cartridge....$ 16 

vero 69 DL160M 7GB Tape Cartridge. $29 

Verbatim 


looo's 


of buyers 
choose 
Software 
Warehouse 


every month! 


verbatim 

pack,.$1Q 9S 


lO 95 


CD Recordable 
Optical 
aisles 

The ideal solution 
for desktop 
online archiving 

Verbatim 

vero 43 CD DataLifePlus 640 MB CD 

verbatim HD 
Disks 

certified 100% error free. All are pre¬ 
diskette will perform an average of 30 
million revolutions- almost ten times the 
industry standard. A highly developed 
burnishing process makes for perfect < 
between your floppy drives read heac 
the floppy., no wonder Microsoft use 
Verbatim disks exclusively for their produc 


Sony 

StotStation 

Ultra-Compact Ultra-Past Ultra-Easy 

The Sony StorStation Tape Drive, with a capacity for up 
to 2.0GB, it's a great way to backup your hard drive. 



Sony OW2CB data cartridges 

Sony QW2GB data cartridges, the^reliable and versatile solution 


sNYzo Sony QW 2GB data Cartridge (5 pack) 


QIC media. 

$209 


Spressa CD- 
ROM Recorder 

Spressa Recordable CD-ROM ICDOR) 
Drives - 2x Write/ax Read 


CD creation capabilities. CD duplication : 
(WAV) file editing capabilities. 



SONY 

SONY22 Sony Spressa External mxC. 

sony23 Sony Spressa Internal $9G9 

Sony Recordable CO media 


iNY2<Sony CD-R media (10 pack) 


$109 


Order]me r200 360 739 Order by fax 02 9700 8801 
Enquiries 02 9700 8800 internet site www.software-warehouse.com 
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O N A L 


EVERYTHING FOR YOUR PC - DELIVERED NATIONWIDE! 


affordable 
personal storage 
solution in one! 


Jaz is the perfect 
choice for hard 
drive upgrades! 


200MB of your stuff < 



o Zip Drive External (SCSI port) 

7 Zip Drive Internal 3.5 (Includes SCSI Controller Card). 
2 Zip Starter Kit 


zip & 

JAZ 



aupi6o3x ZIP 100Mb PC Disks_ $79 

oMoaolOx ZIP 100Mb PC Disks __ $249 
Aupi6i 3x ZIP 100Mb Mac Disks $199 
10 M 044 6x ZIP 100Mb CD Disks. $149 


iomo 32 3x JAZ Media PC Disks $449 

aupi 62 3x JAZ Media Mac Disks. $449 

aupi 63 JAZ Traveller 




































They plug straight in to the printer port bcKCkp90k 


PD/CD Drive, 4X CD-ROM d 
Optical Drive & Built-in 
Sound Card(lncludes 1 PD < 


nrg 109 Lifetime Classic 

is the perfect entry-level or basic replacement 
keyboard for any user. 

nrgiio Lifetime Designer 




reduces( 
located t 


Lifetime Wireless Keyboards use 
the latest infrared technology witf 
centre-bearing switch technology. 
There are two operating modes: 
0-1 metre for normal computing 
and 1-15 metres for group 
presentations. Batteries (included) 


'Call our friendly, 
knowledgeable 
sales staff" 


cw7 web.remote 

Includes Microsoft Ini 


lorn Lifetime Wireless TrackBall 

ives a new level of freedom and comfort 
rith infrared wireless technology. 
tens Lifetime Wireless TouchPad 
>ins the most advanced pointing system a\ 
rith up-to-the-second wireless 
eyboard technology. 


400 hours! 


gim web.remote Professional 

Wireless IR technology delivers up to < 


WIRELE SS | 


The best < 
keyboards'll 
the world. 

GUARANTEES 


GUARANTEED. 


Orderline 1300 360 799 Order by fox 02 9700 8601 
Enquiries 02 9700 8800 internet site www.software-warehouse.com 





















ng optical 1 


Orderline 1300360 799 HRPfin 

9am til 6om Monday to Friday and 10am til 3om Saturday. - ^ '- 




























Massive Stocks 


All Welcome! 


IF YOU CAN FIND IT CHEAPEN CALL US - WE WON’T BE BEATENt* 


"♦Peripheral Support for Hard Disk, CD-ROM, removables, MO, tape, DAT and Flopticals" 

"**0/S Support: DOS(3.3 & up), Win 3.1/Win 95, SCO Unix, Solaris Unix, UnixWare, NetWare (3.1,3.11,3.12 
& up), Windows NT (3.1,3.5,4.0), & O/S/2 (2.0.2.1)," 

AHA-2920 supports version 3.0 of OS/2 Warp and does not support Solaris Unix. 


(SJcidciptec - SCSI cards 


Kit Product Matrix 




method 




•HYUNDAI 

_ DeluxScan Monitors _I 

DeluxScan Monitors 

Available in sizes from 14” to a massive 21" at highly competitive prices 
the Hyundai DeluxScan Monitor has all the features you would expect 
from one of the most innovative and successful electronics companies in 
the world. Manufactured to the ISO 9001 standard, all Hyundai Monitors 
are extremely energy efficient and comply with EPA Energy Star/ VESA 
DPMS power saving requirements. Such features allow Hyundai to back 
their Monitors with an exclusive three year on-site Australia & New 
Zealand-wide warranty* service, 
irgonomical front panel controls, higher refresh rates, flicker-free images and low emissions are standard on all 
Hyundai Monitors. Higher resolutions (up to 1280 x 1024) give you amazing datiry for every possible application, 
from Windows to high end graphics and imaging. So whether you want to design a complex 3D model or simply 
play, the Hyundai DeluxScan monitor is the one for you! 


Ordertine 1300 360 799 Order by fax 02 9700 8801 

Enquiries 02 9700 8800 internet site www.software-warehouse.com 








































































EVERYTHING FOR YOUR PC ■ DELIVERED NATIONWIDE! 


Stylus EPSON 

600 . color 































Orderline 1300 360 799 Order by fax 02 9700 8801 55 

Enquiries 02 9700 8800 internet site www.software-warehouse.eom 


Canon - Living Colour 


IP YOU CAN PINO IT CHEAPER CALL US - WE WON’T BE BEATENI* 


\JC 210/200 


BJC-a200/ass0(A3) \ Canon BJC-t 


G20 
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EVERYTHING FOR YOUR PC - DELIVERED NATIONWIDE! 


HP DeskJet aoi 



56 r^'Ortiertine 1300 360 799 ^ gf 
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infinity 

Scorpio 


Teeo Infinity Scorpio ■ 

The last scanner you'll ever buy! 


Arsen 


why 1,000's 


of buyers 


choose 


AMEC if E3 Flatbed Scan net 


omponents the Scorpio pixel depth can , 



Optical 1640 x 1640 dpi in increments of 1 dpi 
Maximum 9600 x 9600 dpi by software interpolation 
Colour 30 bits per pixel, 1 I 



$789 


Colour Copier 

Turn your scanner 
& printer into a colour photcopier 




Technical Specifications 

Maximum 9600 x 9600 dpi by software interpolate 



PlusteH opticpro 
aszop Flatbed 
Scanner 


The OpticPro 4830P colour Flatbed 
scanner is a feature packed product 
at a very affordable price. 






os Plustek OpticPro 4830P Flatbed Scanner . 


Orderline 1300 360 799 Order by fax 02 9700 8801 


Enquiries 02 9700 8800 internet site www.software-warehouse.com 






























EVERYTHING FOR YOUR PC - DELIVERED NATIONWIDE! 


MICROTEK High-Tech Scanning \ 


The E3 Scanner now ships with "simple SCSI". Simple SCSI is a special cable with a built- 
in SCSI-to-parallel converter. Your standard SCSI scanner can be plugged straight into 
your PC's parallel port - No need to install an interface card. It's pass-through, which 
means you can use both your printer and your E3 scanner off the same parallel port 
connector. 

All E3 Scanners also come with Photoimpact SE (PC) & Colorit (Mac) Editing 


ScanWizard for Windows 3.1, 95, NT & Mac 
OmniPage LE OCK for both Windows & Mac. 

12 months warranty. 

Free phone support for 1 installation . 

Most software, drivers & manuals are supplied or 



Or tier line 1300 360 799 
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accura 336 
Data/Fax/voice 


IF YOU CAN FIND IT CHEAPER CALL US - 


■ WON'T BE BEATEN!* 


(J) Hayes Accura SEK 
Speakerphone Modem 

How fast do you want to get there? 


the inventor of the 
PC Modem! 

When technology changes, isn't it best to go with the 
industry standard? Experience the internet, online 
services, bulletin boards, e-mail, cybershopping, faxes 
and professional message centre software. Available 
Windows* or Macintosh PC's. 


Modem wizard 97 

Make Perfect Modem 
Connections 
Every Time - 
A utomatically 


Simple Modem 

SSG computing 

















































Sportster 
voice 

it2 S'6'K. (External) 

Quality at an affordable price 




To keep you 
organized and in¬ 
touch with your PCI 



121 PalmPilot Professional... 
i241 Meg upgrade card . 


$575 

$157 



usroib Sportster Voice X2 56K (External)_ $269 

Also available (not pictured) 

U5M22 Courier V. Everything 33.6K (external) free upgrade. . . $389 
USR023 World port 33.6K PCMCIA Card. $zas 



60 z^zronledme 1300 360 799 >h FI 

Sales Lines Open 9am til 6pm Monday to Friday and 10am til 3pm Saturday. - 1 ^ ^ 
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Xircom 


Ethernet Combo 
(TP & BNC) + 33.6 
Modem. 


$599 

$539 


Netcomm 
roadster 56K xz 

or Home & Business 
internet users 


IF YOU CAN FIND IT CHEAPER CALL US - WE WON’T BE BEATEN!* 


ns* 


f,000'S 


of buyers 


Netcomm 

EtCardModem 336 + 
Ethernet 

Ideal for the mobile professional 


$269 

$ 21 $ 

$189 


CreditCard 
Modem 33.6 
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Attaching to a File Server 

How NT security handles access to shares 




j ast month, I began to explain what goes on 
[ under the hood when a user logs on to a 
Windows NT workstation and accesses data 

_ on a server on the network. If you’re just join- 

e, here’s the short version: a user named Amy has 
logged on to her NT workstation, a machine named 
NTW. The domain controller that logged her on is named 
NTPDC and the data that she wants to access is in a share 
called DATA on a server named SI. Her domain is named 
REALM, and she logged on to NTW as “Amy” from 
domain REALM with password “swordfish.” NTW con¬ 
verted her password into a one-way, mathematical hash 
function (or a one-way function - OWF) password and 
discarded her plaintext password. Then NTPDC used a 
challenge process to verify the password that Amy gave 
NTW. A challenge eliminates the need to send passwords 
over the network cable; instead of sending the password, 
the domain controller sends a random number over the 
wire and tells the workstation to do something with the 
random number and the hashed password - multiply 
them, take the arctangent of their product, or whatever. 
Then the workstation sends the result of the computation. 


Because the challenge computation is based partly on a 
random number, the result of the challenge will always be 
different, so anyone trying to steal a password by listening 
on the network cable won’t get any useful information. 

Once NTPDC is convinced that Amy is indeed Amy, 
it sends Amy’s security ID (SID) values to NTW; SIDs are 
shorthand ways of saying, “Amy has an account on 
REALM. Amy is a member of REALM’S Domain Users 
group. Amy is a member of REALM’S Domain Admins 
group,” and so on. With that information, a program called 
the Local Security Authority (LSA) on Amy’s workstation 
builds a security access token for Amy, which is good only 
on Amy’s workstation NTW. The LSA also examines 
Amy’s global groups to determine which NTW local 


groups Amy is a member of; for example, if Amy is a mem¬ 
ber of REALMXDomain Admins and that global group is 
a member of NTW’s local Administrator’s group, then 
Amy is indirectly a member of NTW\ Administrators, and 
LSA adds that fact to Amy’s local security access token. 


Accessing the Share 

Now suppose Amy tries to access a share on SI, a nondomam 
controller NT Server.The server SI sees a user, REALMXAmy, 
attempting to access a local share named DATA. Suppose 
DATA’S permissions allow Change access to anyone in the 
REALMXDomain Admins group. Because Amy is a member of 
REALMXDomain Admins, SI will grant her access. 
Figure 1, illustrates this process. 

A program called the Security Reference Monitor, 
part of the NT Executive, approves access to objects on an 
NT machine. Objects have security descriptors, a list of 
accounts and access levels. For example, if you add my 
name to a list of users approved for Full Control on a 
particular share, you’ve modified the security descriptor 
for that object. 

People who have been using Microsoft network prod¬ 
ucts since before NT will by now be saying, “Wait a 
minute. Isn’t that list of users called the access control list 
(ACL)?” The notion of ACLs (pronounced ackels) has 


been around since the LAN Manager days, and the term 
ACLs is still appropriate. But security descriptor is the 
more complete and current term. 

The Security Reference Monitor wakes up whenever a 
user (or a program a user initiates) tries to access an object. 
The object has a set of security descriptors (a list of 
approved users), and the user has a set of attributes (SIDs 
and group memberships) .The Security Reference Monitor 
says, for example, “You are user X, and on this object, user 
X has Read permissions; you are therefore approved to 
access this object in read-only mode.” 
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Let’s get back to Amy’s effort to access 
share DATA on server SI. The Security 
Reference Monitor wakes up and says, 
“Well, I’ve got the security descriptors for 
DATA, but I need to know who you are. 
After all, anyone can claim to be Amy. You 
need a security access token.” So the 
Security Reference Monitor starts up the 
LSA on SI. (Believe me, I’m trying to 
minimise the acronyms, but NT security 
stuff is fraught with it. My apologies.) The 
LSA on SI then asks the LSA on Amy’s 
workstation NTW,“Who is this user?”The 
LSA on NTW responds, “This is user Amy 
of the domain REALM.” Si’s LSA 
responds with a challenge, such as, “All 
right then, take Amy’s OWF password and 
multiply it by 47, take the cosine of that, 
then take the natural logarithm of that, and 
then give me the third digit to the right of 
the decimal point.” So Amy’s machine 
might respond, for example, “9.” In a way, 
SI is mimicking a domain controller, ask¬ 
ing NTW to prove that Amy is indeed 
Amy in much the same way that the 
domain controller NTPDC did before. 

However, NTPDC had the passwords 
and could verify Amy’s logon. In contrast, 
SI, a plain-jane NT Server, doesn’t have 
the passwords to the domain account. So 
what good did it do SI to challenge NTW 
about Amy? The answer is simple: now SI 
contacts NTPDC and impersonates Amy. 
In effect, it says, “I’ve got someone who 
claims to be named Amy on the line with 
me. Can you verify a password for me? I 
told her to give me the third digit to the 
right of the decimal point of the logarithm 
of the cosine of her password times 47, and 
she told me 9. Is that right?” 

NTPDC then repeats the challenge and 
says, “Yes, that’s definitely Amy. Here are 
her SIDs.” The LSA on the domain con¬ 
troller then sends those SIDs to server SI, 
and the LSA on SI builds a security access 
token for Amy on SI, just as NTW’s LSA 
module created a security access token for 
Amy on NTW Again, that security access 
token includes not only the SIDs from the 
domain controller (think of them as the 
global SIDs), but also the SIDs that appear 
indirectly as a result of your domain 
account or global groups being members 
of some local group (consider them local 
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SIDs). Now that a security access token for 
Amy exists, the Security Reference 
Monitor can match her SIDs against the 
SIDs in the security descriptor for the 
DATA share and choose to grant or deny 
access to DATA. 

Are We Clear? 

Let’s follow the numbers in Figure 1 to 
review the process. When Amy tries to 
access a share on server SI (1), SI finds that 
it lacks a security access token for Amy. So 
SI initiates a logon between Amy and SI. 
SI issues a challenge to Amy’s workstation 
(2), which responds to the challenge (3). SI 
then takes the challenge response to a 
nearby domain controller (4) and verifies 
that Amy is indeed on the other end of the 
line (5). Now SI has a security access 
token for Amy, so the Security Reference 
Monitor can give the yea or nay to Amy’s 
access request (6). 

But what if Amy tries to access a second 
share on SI? Does SI need to create 
another token? No. Amy’s existing token 
will suffice to identify her. Accessing the 
second share will be a trifle faster than 
with the first because the second doesn’t 
require chatter between SI and a domain 
controller. In fact, as long as Amy maintains 
a connection to SI, SI never rechecks with 
the domain controller to see whether her 
account is still valid. That situation leads to 
an interesting side effect: suppose Amy logs 
on at 8:00 a.m. one day. She attaches to 
server SI at 8:30 a.m. and is then called 
away to a brief meeting where she’s fired. 
The network administrator deletes her 
account immediately. What’s the effect of 
that action? It depends. 

The security access token remains valid 
on SI as long as Amy has active sessions on 
SI. As long as the session is active, SI has 


no reason to reverify Amy’s account. A ses¬ 
sion becomes inactive when Amy logs off, 
an administrator disconnects Amy from 
the server with Server Manager, or Amy’s 
session times out. 

By default, NT times out a session after 
15 minutes of inactivity. Many people are 
sceptical about this feature - “I’ve never 
been timed out from a server!” — because 
NT doesn’t give you a ‘You have timed 
out’ message. You see, if you’re away from 
your desk for 15 minutes or more, NT 
closes your connections to network 
resources. When you return and try to use 
the resources, NT invisibly re-establishes 
your connections, leading to an almost 
imperceptible delay as the resources’ 
servers reconfirm the validity of your 
account with nearby domain controllers. 
In Amy’s case, however, things might work 
out differently. If she’d walked away from 
her desk for more than 15 minutes, all her 
connections would have timed out. If the 
network administrator deleted her 
account, NT would have noticed this situ¬ 
ation when she tried to use one of her net¬ 
work resources. The other way to force a 
server to re-examine a user’s credentials is, 
again, to use the Server Manager to dis¬ 
connect her from the resource. This 
method has the same effect as the timeout 
but doesn’t take 15 minutes. □ 
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Inside the Windows NT 


Schedular, Part 1 


Assigning CPU time in a uniprocessor environment 


ip 


m A indows NT is a preemptive multi- 
i f threading operating system. That 
is, NT lets several programs run simul- 
taneously and switches among them 
often enough to create the illusion that each program is 
the only program running on the machine. Well, that’s 
the idea anyway. How to smoothly share one CPU (or 
multiple CPUs) among many threads of control is a 
complicated problem. Solving this problem dynamically 
many times per second is the job of the NT scheduler. 
The NT scheduler must honour the relative priorities 
that the application’s programmers designate for each 
thread and attempt to provide responsiveness to user- 
interactive threads. 

In this first part of a two-part series about the algo¬ 
rithms NT’s scheduler employs, I’ll introduce basic infor¬ 
mation about the NT scheduler. You’ll find out about the 
priority levels that NT assigns to threads, how Win32 pro¬ 
grams specify priorities for their threads, the situations 
that invoke the scheduler, and the algorithms NT uses on 
uniprocessors in those situations. I’ll wrap up with a dis¬ 
cussion of some advanced features of the scheduler, 
including priority boosting and starvation prevention. 
Next month, I’ll provide an in-depth tour of how the NT 
scheduler implements multiprocessor scheduling. 


Threads and Priorities 

The basic scheduling unit in NT is a thread. A thread is a 
point of control within a process. Processes consist of a vir¬ 
tual address space that includes executable instructions, a 
set of resources such as file handles, and one or more 
threads that execute within its address space.Typical appli¬ 
cations consist of only one process, so program and process 
are often used synonymously. Most programs today are 


single-threaded, which means they run as one process with 
one thread. However, multithreaded programs are becom¬ 
ing more commonplace. An example of a multithreaded 
program is a program that lets a user sort a list, with an 
option to cancel. One thread in the program’s process 
might perform the CPU-intensive sorting task while 
another thread in the process displays a how-to-cancel 
message to the user and waits for a response. The sched¬ 
uler does not differentiate between threads of different 
processes. Instead, the scheduler examines the priorities of 
all the threads ready to run at a given instant to pick 
which thread to execute. 

NT assigns each thread a priority number from 1 to 
31, where higher numbers signal higher priorities. (NT 
uses priority 0 for the system idle thread, which executes 
when no other thread is able to.) NT reserves priorities 
16 through 31 ( realtime priorities) for use by time-critical 
operations. Only a user with Administrator privileges can 
direct the system to execute threads in this range. NT uses 
priorities 1 through 15 ( dynamic priorities) for the pro¬ 
gram threads of typical applications (e.g., Notepad, Word, 
Lotus Notes). 

The NT kernel provides functions that let you set a 
thread to any of the 31 priority levels, but the Win32 API 
is more indirect. In Win32, specifying a thread’s priority is 
a two-step process.You must first set the priority class of the 
process; then, you can apply a relative priority to individual 
threads. 

A process priority class is a priority level around which 
NT lets the process’ threads execute. The Win32 API 
defines four priority classes: realtime, high, normal, and 
idle. These names correspond to priority levels 24,13, 8, 
and 4. Setting a process priority class causes all the threads 
of that process to begin executing at priorities within ±2 
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of the class priority. This scheme is shown 
in Figure 1. New processes inherit the pri¬ 
ority class of their parent. Process threads 
start at the priority level associated with 
their process’ priority class. 

The relative priorities that can change a 
threads priority from its process class pri¬ 
ority are highest, above normal, normal, 
below normal, and lowest. Highest adds 2 
to the thread’s priority, above normal adds 
1, normal adds 0, below normal adds -1, 
and lowest adds -2. Figure 2, shows the rel¬ 
ative priorities applied to the Normal pri¬ 
ority class range. 

The Win32 API includes two special- 
case priority modifiers: time-critical and idle. 
Time-critical moves a dynamic thread’s 
priority to the top of the dynamic range 

(15) , and idle moves it to the bottom (1). 
Similarly, time-critical and idle move real¬ 
time threads to the top (31) and bottom 

(16) of the realtime range. 

Whose Turn Is It? 

Threads must take turns running on the 
CPU so that one thread doesn’t prevent 
other threads from performing work. 
One of the scheduler’s jobs is to assign 
units of CPU time ( quantums) to threads. 
A quantum is typically very short in 
duration, but threads receive quantums so 
frequently that the system appears to run 
smoothly-even when many threads are 
performing work. One difference 
between NT Server and NT Workstation 
is the length of a user thread’s quantum. 
On most x86 systems running 
NT Server, a quantum is 120 milliseconds 
(ms). On x86 systems running NT 
Workstation, a quantum can be 20ms, 
40ms, or 60ms, depending on your system 
settings and whether the thread is a back¬ 
ground or foreground application thread 
(more on this topic later). 

The scheduler must make a CPU 
scheduling decision every time one of 
three situations occurs: 

• A thread’s quantum on the CPU expires. 

• A thread waits for an event to occur. 

• A thread becomes ready to execute. 

When a thread’s quantum expires, the 
scheduler executes the FindReadyThread 
algorithm to decide whether another 
thread needs to take over the CPU. If a 
higher-priority thread is ready to execute, 


it replaces (or preempts) the thread that was 
running. 

In many cases, threads perform process¬ 
ing and then wait for an event to occur. For 
example, a client/server application might 
have a server thread that performs process¬ 
ing when it receives client requests and 
then waits for more requests. A waiting (or 
blocked) thread gives up its quantum early, 
and the scheduler must execute the Find¬ 
ReadyThread algorithm to find a new 
thread to run. 

When a new thread or a blocked thread 
becomes ready to execute (e.g., when the 
client/server application server thread 
receives another client request), the sched¬ 
uler executes the ReadyThread algorithm. 
This algorithm determines whether the 
ready thread will take over the CPU 
immediately or be placed in an eligible-to- 
execute list. 

FindReadyThread and ReadyThread 
are the key algorithms the NT scheduler 
uses to determine how threads take turns 
on the CPU. The uniprocessor versions of 
FindReadyThread and ReadyThread are 
straightforward algorithms. Let’s examine 
how FindReadyThread and ReadyThread 

FindReadyThread.FindKezdyThread 
locates the highest-priority thread that’s 
ready to execute. The scheduler keeps track 
of all ready-to-execute threads in the 
Dispatcher Ready List. The Dispatcher 
Ready List contains 31 entries, each of 
which corresponds to a priority level and a 
queue of threads assigned to that priority 
level. The FindReadyThread algorithm 
scans the Dispatcher Ready List and picks 
the front thread in the highest-priority 
nonempty queue. Figure 3 shows an exam¬ 
ple Dispatcher Ready List with three ready 
threads-two at priority 10 and one at pri¬ 
ority 7. FindReadyThread directs the 
scheduler to choose the first thread in pri¬ 
ority 10’s queue as the next thread to run. 

ReadyThread. ReadyThread is the algo¬ 
rithm that places threads in the Dispatcher 
Ready List. When ReadyThread receives a 
ready-to-execute thread, it checks to see 
whether the thread has a higher priority 
than the executing thread. If the new 
thread has a higher priority, it preempts the 
current thread and the current thread goes 
to the Dispatcher Ready List. Otherwise, 


ReadyThread places the ready-to-execute 
thread in the appropriate Dispatcher 
Ready List. At the front of the queue, 
ReadyThread places threads that the 
scheduler pulls off the CPU before they 
complete at least one quantum; all other 
threads (including blocked threads) go to 
the end of the queue. 

Boosting and Decay 

The picture I’ve presented so far is of a fair¬ 
ly static system: threads execute at a prior¬ 
ity level until a program changes their pri¬ 
orities or they exit. What actually happens 
is more dynamic: in a variety of situations, 
NT boosts (or increases) the priority of 
dynamic range threads. The most common 
boost occurs when an event happens that a 
blocked thread was waiting for. For exam¬ 
ple, a thread waiting for input from the 
keyboard increases six priority levels (a 6- 
point boost) when a keystroke wakes it up. 
Other increases include a 6-point boost for 
mouse events and a 1-point boost when a 
thread wakes up from a wait on a general 

Boosting applies to only dynamic range 
threads. The system never changes the pri¬ 
ority of a realtime thread-only a program 
can change a realtime priority. In addition, 
a boost never causes a thread’s priority to 
move into the realtime range; priority level 
15 is the upper limit for boosts. Event- 
related boosts are temporary because the 
boost decays over time. Each time a thread 
runs through an entire quantum, its boost 
decreases by 1 point. This decay continues 
until the thread reaches its programmed 
priority level (the priority it had before its 
first boost). 






■ Screen 1: 

Adjusting the foreground application boost. 
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M FIGURE 2: Relative Priorities 
Within the Normal Priority Class 

NTs boosting logic lets the system boost 
a thread repeatedly before its priority has 
decayed to its base priority. Thus, a priori¬ 
ty 8 thread that receives keyboard input 
gets boosted to priority 14. If the thread 
completes a quantum, its priority decays to 
13. If the thread waits for and receives 
another keyboard event, its priority gets 
boosted to the 15 limit. 

Another type of boost NT Workstation 
applies is a foreground application boost, 
which you can control from the 
Performance tab of the System applet in 
Control Panel (shown in Screen 1). This 
type of boost affects quantum length, rather 
than priority. For the default Maximum 
setting, NT extends the quantums of fore¬ 
ground application threads to 60ms. If you 
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UFIGURE 3: FindReadyThread 
Picking the Highest Priority Thread 

position the slider in the middle, NT sets 
the quantums to 40ms. If you position the 
slider on None, the quantums are 
20ms-the same as the quantums of back¬ 
ground application threads. 

Starvation Prevention 

Left alone, the FindReadyThread and 
ReadyThread might prevent low-priority 
threads from getting a chance to execute. 
For example, a priority 4 thread running 
on a system with continuously running 
priority 8 threads would be starved for 
CPU time. However, NT provides a mech¬ 
anism that gives low-priority threads a shot 
at the CPU. The NT Balance Set Manager 
is a system thread that wakes up every sec¬ 
ond or so to perform memory tuning. As a 



secondary responsibility, Balance Set 
Manager executes the ScanReadyQueues 
algorithm, which implements NT’s anti- 
CPU starvation policy. 

ScanReadyQueues scans the Dispatcher 
Ready List, working down the list from 
priority 31. It looks for threads that haven’t 
executed in more than 3 seconds. When it 
finds one, ScanReadyQueues gives the 
thread a special anti-starvation boost, doubles 
its quantum, and calls ReadyThread with the 
thread as a parameter. The anti-starvation 
boost differs from other boosts: Instead of 
applying a relative priority increment, the 
anti-starvation boost slams the thread’s 
priority to the top of the dynamic range. 
(On pre-Service Pack 2-SP2-systems, the 
anti-starvation boost was to priority 14; post- 
SP2 systems boost to priority 15). When a 
thread that receives an anti-starvation boost 
finishes its extended quantum (or the thread 
blocks), its priority returns to the pre¬ 
starvation boost level and its quantum 
returns to its usual length. 

Next Month 

Scheduling in a uniprocessor environ¬ 
ment is relatively straightforward, but fac¬ 
tors within a multiprocessor environment 
complicate how FindReadyThread and 
ReadyThread work. For example, NT 
lets applications define threads to execute 
on only certain CPUs, and NT tries to 
keep threads running on the same CPU 
for performance benefits. Next month, 
I’ll describe the multiprocessor imple¬ 
mentations of FindReadyThread and 
ReadyThread. These algorithms are 
complex-so complex that you might 
argue that a better way must exist for 
scheduling in a multiprocessor environ¬ 
ment. Stay tuned. □ 
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Multiple 

Virtual Domains 


with One IP Address 



Two ways to invisibly set up two or 


more virtual domains to share an IP address 


etting up virtual domains in Windows NT 
is straightforward. However, in practice, 
you might want to set up domains that 
L share an IP address, for several reasons. For 
example, because of a bug in the NT 3.x design, you 
can add only about 14 different IP addresses in that sys¬ 
tem unless you have installed Service Pack 5. In NT 4.0 
Workstation, you can add about 10 IP addresses in the 
system; if you add more, you risk running into legal bat¬ 
tles with Microsoft. Moreover, many Web servers—in 
particular, those running on Windows 95 or on the 
Macintosh—do not support multiple IP addresses. In 
these circumstances, sharing an IP address for different 
domains is the best solution for setting up virtual 
domains. Let’s explore how sharing an IP address works 
and look at two ways of setting up virtual domains with 
one IP address. 

Our goal is to set up different domains, such as 
abc.com and xyz.com, so that when users browse 
http://www.abc.com or http://www.xyz.com, the sys¬ 
tem displays the respective home pages of companies 
ABC and XYZ, even though the companies have the 
same IP address (207.68.156.100).You can accomplish 
this feat with a simple script. The method works for 


more than two domains, too. I used Computer Software 
Manufaktur’s Alibaba 2.0 Web server running NT 
Workstation to illustrate the techniques, but you can 
use the same method with Microsoft Internet 
Information Server (IIS) or any other contemporary 
Web server. 

The Domain Name System Name Server 

First, set up the Domain Name System (DNS) name 
server in your Network properly. To make two domains 
share an IP address, you can set up a canonical name 
(CNAME) for aliases. (A CNAME is the official name 
of the system host and is specified in the address (A) 
record for the host.) Create a CNAME record for each 
alias that shares the address. When a name server looks 
up a host name or domain name and finds a CNAME 
record, the server replaces the host or domain name 
with the CNAME and looks up the CNAME. If you 
use the Berkeley Internet Name Domain (BIND) soft¬ 
ware in your name server, you must add the following 
two entries to the primary named file: 

www.abc.com. IN A 207.68.1 56.1 00 
www.xyz.com. IN CNAME www.abc.com. 
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(BIND, usually included in UNIX-based 
operating systems, is the basis for the 
Windows NT 4.0 DNS. In the NT 
machine, add the network IP address 
207.68.156.100. Now whether you ping 
www.abc.com or www.xyz.com, you 
obtain the same response: Reply from 
207.68.156.100. 

Set Up the Document Root 

In your NT Web server, set up the 
document root directory, e:\, for the IP 
address 207.68.156.100. Create two sub¬ 
directories, e:\abc and e:\xyz, for the 
domains abc.com and xyz.com, respec¬ 
tively. The home pages of the two com¬ 
panies reside in those two subdirectories 
and subsequent subdirectories. For exam¬ 
ple, company ABC can set up a subdirec¬ 
tory e:\abc\images to hold all the images 
that it needs. At this point, create the 
default file index.htm (or the appropriate 
default entry file of your Web server) for 
a home page and put it in the document 
root directory. Now when users browse 
either http:Wwww.abc.com or 
http:Wwww.xyz. com, they will see the 
same home page. 

To display different home pages for 
the two universal resource locators 
(URLs), you must redirect the requests to 
the appropriate directories and execute 
the correct files. A simple way to do this 
task is to add the appropriate index.htm 
file, or subdirectory, to the URL or to the 
link to the company on a related home 
page; when users request that URL or 
click on that link, they will go to the 
right subdirectory. The following sections 
explore two methods to make this 
process transparent to the user. 

The CGI Method 

First, let’s first explore using Common 
Gateway Interface (CGI) scripts to re¬ 
direct requests. You can automatically 
start a new URL by making use of the 
client-pull technique. In this technique, 
the browser either reloads the current 
page or loads a different page after a 
specified delay. In this way, Web docu¬ 
ment contents can change without 
action from the user. One way to re¬ 


direct a URL is to edit the default start 
file index.htm (in e:\) so that it contains 
the statements: 

<html> 

<head> 

cmeta http-equiv = "Refresh" 
content=”0 ; url=/cgi-bin/ 
referer.exe’’> 
<title>testing</title> 

</head> 

</html> 

where content=”0 informs the server to 
start (i.e., refresh) the URL specified in 
the line after 0 seconds (i.e., immediate¬ 
ly). The file referer.exe is an executable 
CGI script that has been compiled from 
the C-source code (referer.c) in Listing 1 
to direct the user to the correct domain. 
In Listing 1, the statement 

getenv("HTTP_REFERER") ; 

returns the link that leads to the execu¬ 
tion of the CGI script. The function 

strstrO 

searches for the existence of a substring 
that returns NULL if the substring does 
not exist. Through these steps, the com¬ 
mand Refresh will start the correct home 
page. For example 

printf( "Refresh: 0: URL = 
http://www.xyz.com/xyz/ 
index.htm\n\n” ) : 

starts the URL link http://www.xyz. 
com/index.htm after 0 seconds—that is, 
immediately. 

This method is a simple way to redirect 
the user.You can easily modify the code to 
make the URL-lookup efficient when 
you have a large number of URLs. For 
example, you can put all the URLs in a 
table and use standard searching tech¬ 
niques, such as hashing or binary search¬ 
ing to perform a quick table lookup. 
Unfortunately, most browsers currently do 
not return the appropriate URL-referrer 
when you start the CGI by Refresh 


instead of by hand-clicking the URL link. 
Although I believe that Refresh will work 
in the future, to use the CGI method now, 
you must click at the prompt, and the file 
index.htm in e:\ will be 

<html> 

<ahref="\cgibin\referer.exe"> 
Please click here</a> 
</html> 

Users browsing http://www.abc.com or 
http://www.xyz.com will see the prompt 

Please click here 

You must click on this message to start 
the correct page. Alternatively, you can 
use the tag 

cmeta HTTP_EQUIV> 

in an HTML page to perform the page 
refresh. 

If you want to automate the whole 
process to work under browsers in use 
today, you must use JavaScripts. 

The JavaScript Method 

JavaScript lets you embed JavaScript 
commands in an HTML page to call up 
the correct home page. When you use a 
compatible Web browser, such as Internet 
Explorer (IE) 3.0 or Netscape Navigator 
2.0 or higher, the browser loads your 
JavaScript commands as part of the 
HTML document. You trigger the com¬ 
mands by clicking the buttons that Java 
displays on a related home page or the 
browser evaluates the commands as it 
downloads the script. Thus, the scripts 
can make Web pages execute dynamical¬ 
ly. Listing 2 presents the complete 
JavaScript code that makes the URL- 
redirection transparent to the user. Place 
this code in the file index.htm (or the 
default entry file of your Web server) in 
the document root directory of the Web 
server. 

When the Web browser downloads 
the HTML file index.htm, the browser 
evaluates the JavaScript code go(), which 
calls the function go().The function go() 
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calls up the correct URL link. In the 
function, the variable location, href con¬ 
tains the current URL (i.e., either 
http://www.abc. com/index, htm or 
http://www.xyz.com/ index.htm) and is 
compared with variable x. I set x to be the 
string http://www.r, which has a string 
value betweenhttp://www.abc.com and 
http://www.x yz.com. Thus, if location, 
href is larger than x, the reference URL is 
http://www.xyz ,com;otherwise,idshttp 
://www.abc.com. 

After determining the correct refer¬ 
ence URL, you can redirect the browser 
to the correct home page by assigning the 
appropriate URL link to location, 
href. For example, the statement 

location. href="http://www.abc.com/inde 
xl .htm" 

automatically informs the browser to 
download the file indexl.htm, which 
resides in the document root directory. This 
file (indexl.htm) is the entry point for the 
home pages of the company abc.com. 
(Alternatively, you can put the company- 
specific index.htm file in subdirectory 
e:\abc with the statemendocation.href= 
“http://www.abc.com/abc/index.htm”.) 

This script can make the single-address 
virtual domain setup user-transparent; that 
is, when you use a compatible browser to 
browse the URL http://www.abc.com 
based on this setup, the effect will be the 
same as browsing a URL whose setup is 
based on multiple IP addresses. 

I admit that this method works only if 
the browser supports JavaScript. For obso¬ 
lete browsers, you must rely on the man¬ 
ual CGI method. But either method lets 
you stretch a limited number of IP 
addresses. □ 
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&traps 


® I heard that users can enable Plug and 
Play (PnP) in Windows NT 4.0. PnP 
is available only in Windows 95, right? 


A: Although Microsoft buried the option, 
a PnP driver is available on the NT 4.0 
Server and Workstation CD-ROMs. Using 
NT Explorer, go to the 
\drvlib\pnpisa\x86 directory on the 
NT 4.0 CD-ROM and find the pnpisa.INF 
file. If you right-click this file, NT gives 
you the option to install Pnpisa, as you see 
in Screen 1. After you install the file and 
reboot your machine, NT automatically 
enables the PnP service. Microsoft ostensi¬ 
bly oriented this driver toward the new 
Phoenix BIOS specific to NT 4.0. 

I have enabled the PnP driver on my 
notebook, but I don’t know how complete 
PnP is. For example, when I installed the 
PnP driver on a workstation, it detected a 
3Com NIC and asked me for a driver, as 
you see in Screen 2, although a driver was 
already present. Microsoft is obviously 
uncomfortable with enabling PnP; other¬ 
wise NT would have installed the driver by 
default. 

Warning: If you are running a system 
that already uses a version of PnP (e.g., a 
Digital HiNote notebook), don’t load this 
driver. If you do, your system will lock up 
and be very difficult to fix. 
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I have a dual-processor Pentium Pro 
system with one CPU. I’m running 
Windows NT 4.0 Service Pack 2 (SP2) 
with the Remote Access Service (RAS) hot¬ 
fix. How do I upgrade the system to a dual 
Pentium Pro? The Uni to Multiprocessor 
application on the Microsoft Windows NT 
Server Resource Kit CD-ROM won’t work 
with SP2. 

A: Because you’re running NT 4.0 SP2, 
you need to manually convert your sin¬ 
gle-processor system to a multiprocessor 
system and then install SP3. First, let’s 
look at the differences between a single 
and a dual Pentium Pro system. When you 
install NT, five files (ntoskrnl.exe, 
HAL.DLL, NTDLL.DLL, KERNEL32.DLL, AND 
WINSRV.dll) dictate the difference 
between a single-processor and a multi¬ 
processor machine. Of these five files, 
NTOSKRNL.EXE and HAL.DLL are the only 
mandatory changes. NT uses the other 
three files to optimise the system for 
either one CPU or multiple CPUs. In 
your case, all you need to worry about is 
the changes to ntoskrnl.exe and 
HAL.DLL. All the necessary configuration 
information for these two files is in the 
setup.log file in the \winnt\repair 
directory. You will need to clear the hid¬ 
den, system, and read-only attributes on 
SETUP.log to access this file. 

Open Notepad to examine setup.log. 
You will see a fist of drivers with their file¬ 
names on the NT 4.0 CD-ROM and a 
checksum value. Screen 3 shows a backup 
version of the setup.log file for a single¬ 
processor machine that I renamed setu- 
plog.bob with the lines for the NT kernel 
and the hardware abstraction layer (HAL) 


highlighted. Note that the kernel is the 
standard NTOSKRNL.EXE and the HAL is 
the HALAPic.DLL. When you boot an Intel 
Multiprocessor Specification (MPS) 
1,4-compliant system with one CPU, it 
reports itself as an MPS uniprocessor. The 
Advanced Programming Interrupt 
Controller (APIC) version of HAL identi¬ 
fies the MPS APIC chipset. 

Screen 4 shows the same two files in 
SETUP.LOG on a system with two 200MHz 
Pentium Pros. Notice that the NTOSKRNL. 
EXE is now NTKRNLMP.EXE and HAL.DLL is 
now HALMPS.DLL. To test a uniprocessor to 
multiprocessor conversion, I removed a 
180MHz Pentium Pro that I’d jumpered 
as a 200MHz, and I added two 200MHz 
Pentium Pros to a daughterboard on a sys¬ 
tem that uses an Asus dual Pentium Pro 
motherboard. The MPS 1.4-compliant 
motherboard is an APIC jumperless board, 
so I didn’t have to set any jumpers. Once 
I had everything in place, I booted the sys¬ 
tem, and it reported itself as a standard 
uniprocessor system, as you see in 
Screen 5. I then inserted the two lines 
from the dual processor SETUP.LOG into 
the setup.log of the system. I then added 
SP3. When I rebooted the system, it 
appeared as a multiprocessor machine (see 
Screens 6 and 7). All worked well. 

What about the remaining three files? 
Table 1 shows the file and checksum values 
for the files in both the uniprocessor and 
the multiprocessor configurations. 

Interestingly, the Microsoft Windows 
NT Server 4.0 Resource Kit Uni to 
Multiprocessor utility ostensibly updates 
the WINSRV.DLL FILE, but the checksum is 
the same in both files. If you are worried 
about the two remaining files (ntdll.dll 
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and kernel32.dll), you can copy the 
lines you see in Table 1 with the NT ker¬ 
nel and HAL. Please note that I did not 
try this step because it did not seem nec¬ 
essary. The dual system is running well. 
The total time for changing the SETUP. 
LOG file was minimal, and SP3 supplied 
the proper kernel and HAL. 


® I’m sold on using Windows NT in our 
environment. Having worked in the 
network support business for 20 years, I 
know that the best way to achieve the opti¬ 
mal setup for a system is by removing excess 
components. What is the best way to remove 
the POSIX and OS/2 components from a 
normal server installation? 


A: I’m always amazed at how east 
use an NT utility designed for o 


perform another task. To remove the OS/2 
and POSIX components - which you need 
to do to make your NT installation fully C2 
compliant - I recommend that you use the 
C2 Configuration utility in the Microsoft 
Windows NT Server Resource Kit (affection¬ 
ately known as the rescue kit). 

Although you don’t have to use the C2 
Configuration utility to remove the OS/2 
and POSIX subsystems, this utility auto¬ 
mates the process for you and removes all 
the applications and related files (DLLs and 
so forth) in one shot. By using an auto¬ 
mated removal tool such as the C2 
Configuration utility, you shouldn’t have 
to worry about booting into NT and 
getting error messages after you perform 


i the C2 Configuration utili 
iisplays the status of the OS/2 sul 


system and status of the POSIX subsystem, 
as you see in Screen 8. If you click the sta¬ 
tus for OS/2, you have the option of 
removing this subsystem, as you see in 
Screen 9.The same is true for removing the 
POSIX subsystem, as you see in Screen 10. 


® I recently purchased an IBM ThinkPad 
160ED. This machine is great, but I 
can’t get my Megahertz 33.6 PC Card 
Modem to work. I’ve tried every possible 
combination to load the modem. Do you 
have any suggestions? 


A: You are encountering a firmware- 
related problem with the ThinkPad. I 
assume that when you boot the system, you 
see version 1.00 CMOS. Upgrade the 
CMOS to version 1.01, and the system will 
see the Megahertz modem. 
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■ Screen 5: 

Displaying the uniprocessor system 
status in the Windows NT Diagnostics 
version window 



■ Screen 6: 

Displaying the multiprocessor system 
status in the Windows NT Diagnostics 
version window 



■ Screen 7: 

Displaying the multiprocessor system 
status in the Windows NT Diagnostics 
system window 


I’m having trouble keeping up tvith the 
specifications on new graphics display 
cards. Can you explain what’s happening to 
the memory configurations on these new 
cards? I’ve also heard that Intel is adding a 
specification for its motherboards that per¬ 
tains to video. What’s going on? 

A: The types of memory on graphics dis¬ 
play (video) cards are as varied as the ways 
in which each type of memory approaches 
its task. At the low end of the price scale 
are cards with DRAM video memory. 
DRAM is single ported memory that the 
system clock must reset before the card 
can refresh the screen. Because of this lim¬ 
itation, many users prefer cards with 
VRAM. This type of memory is dual 
ported and does not need to be reset by 
the system clock. VRAM costs twice as 
much as DRAM, but it shows only a mod¬ 
est gain in performance. Of greater inter¬ 
est are the new variants of DRAM, 
including Enhanced Data Output (EDO) 
RAM, Synchronous DRAM (SDRAM), 
and Synchro-nous Graphics DRAM 
(SGDRAM), which are faster and cheaper. 
SGDRAM is growing in popularity 
because vendors such as ATI and Matrox 
support it on their cards. 

Other noteworthy types of memory are 
Window RAM (WRAM) and Multibank 
DRAM (MDRAM). WRAM is dual 
ported, but it has fewer components than 
VRAM, which makes it cheaper to pro¬ 
duce. MDRAM is interesting because you 
can configure it in 256KB increments.This 
flexibility lets you buy the amount of 
memory you need. 

Intel is developing the Accelerated 
Graphics Port (AGP).This port is a direct 
connection between the memory chipset 
on the motherboard and the graphics dis¬ 


play card. This new hardware specifica¬ 
tion might sound trivial, but it’s not. 
When Intel implements the AGP, Intel 
will eliminate the PCI bus. AGP lets 
video run at 66MHz, and with clock 
doubling built in, the video will run over 
a 133MHz transfer bandwidth. Intel will 
initially release Pentium Pro mother¬ 
boards with the AGP configuration dur¬ 
ing the fourth quarter. Although some 
OEMs put Windows 95 on Pentium Pro 
systems, Windows NT will realise the 
most advantage from AGP. 

In the interim, I recommend that 
you buy the minimum card for the cur¬ 
rent job unless you need high-end graph¬ 
ics. Shop around for a 2MB card for basic 
systems, a 4MB card for intense graphics 
systems, and an 8MB card for large (21") 
monitors and high resolutions (running 
1600dpi x 1200dpi x 65,000 colours). 

I just purchased an Adaptec 2940UW 

SCSI controller card. When I installed 
it, I noticed that the card ID was set to 7. A 
friend told me that all new cards are set up 
this way. Why isn’t the card ID set to 15? 

A: Most vendors assume you have a mix¬ 
ture of Narrow and Wide SCSI devices. 
Narrow SCSI devices communicate with 
registers 0 to 7, and Wide and Ultra Wide 
SCSI devices use registers 8 to 15. If you 
use a Narrow SCSI device, it must be able 
to access the controller. An 8-bit device 
can’t access ID 15 but can access ID 7. If 
you plan to use only Wide or Ultra Wide 
SCSI devices, you can set the controller 
card to ID 15. 

New SCSI controller cards have other 
characteristics that can cause trouble. For 
example, if you mix Ultra SCSI (SCSI-3) 
devices with Narrow (SCSI-2) devices, 


table i: File and Checksum Values for Uniprocessor and 
Multiprocessor Configurations 

Uniprocessor Multiprocessor 

\winnt\system32\ntdll.dll="ntdll.dll", "63a98" \winnt\system32\ntdll.dll="ntdll.dH","59c19" 

\winnt\system32\kernel32.dll=''kernel32.dH", "5f6d7" \winnt\system32\kernel32.dll="kernel32.dH", "5b7f8” 
\wint\system32\winsrv.dll="winsrv.dll", "37b4e" \wint\system32\winsrv.dll="winsrv.dH", "37b4e" 
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you start encountering cable length issues. 
SCSI-3 cables can measure only about 
5.5 feet, while SCSI-2 cables can measure 
about 10 feet to 12 feet. 

Terminating the controller card is also 
confusing. If you have all devices on one 
side of the controller, simply keep termi¬ 
nation on (set to automatic). If the devices 
are on both sides of the controller and all 
devices are wide, turn off both low and 
high bits. If you have SCSI-2 on one side 
of the controller and SCSI-3 on the other, 
terminate high bits on the card and 
remove termination for the low bits (high 
on/low off). 

I’m confused about drivers such as 

Fastfat, atapi, and i8042prt, that 
Windows NT loads for no apparent rea¬ 


son. Can you tell me where I can find more 
information about these and other drivers? 

A: Many of NT’s drivers have weird 
names. One of my favorites is Sparrow, 
which is the Adaptec SlimSCSI driver. 
Fastfat is the FAT driver, atapi is the EIDE 
driver, and i8042prt is the keyboard driver. 
You can find a list of the most common 
drivers on the Microsoft Windows NT 
Workstation Resource Kit CD-ROM. 

Do you know of any alternatives to 
the IPCONFIG command-line 
utility that NT uses? I don’t want any¬ 
thing expensive. 

A: Check the Microsoft Windows NT Server 
Resource Kit and the Microsoft Windows NT 


Workstation Resource Kit. The IP 
Configuration utility (WINTIPCFG.EXE) 
provides a nice interface. Screen 11 shows 
the basic appearance of a network config¬ 
uration and Screen 12 expands the view. 

I recently purchased an AST Ascentia 

P50 Notebook that allows only 24MB 
of RAM. To my disgust, the new AST 
systems can address up to 80MB of RAM. 
AST is not much help here. Do I have 
any recourse? 

A: One of my friends has noticed that the 
new Hitachi systems use what appears to 
be the same motherboard and case design 
as the AST Ascentia P50 Notebook. We 
took two 32MB modules from a Hitachi 
system and added them to my existing 



■ Screen 8: 

Identifying the status of the OS/2 and POSIX subsystems 


■ Screen 9: 

Removing the OS/2 subsystem using the C2 Security Manager 
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■ Screen 11: 

Viewing the status of an IP address using 
the IP Configuration utility 



Expanding the view in the IP 
Configuration utility 


rrmn 



Viewing the amount of RAM on an AST 
Ascentia P50 notebook in NT 4.0 



AST system motherboard, which the 
company states will support 40MB of 
RAM. The board functions perfectly with 
the additional memory. The system has 
been running nonstop for a week with no 
crashes. Buy the memory for Hitachi, and 
use it in your AST. Screen 13 shows the 
amount of memory NT 4.0 now sees on 
my AST Ascentia P50. 

0 The ISA bus has been around a long 
time and has ample industry support. 
Yet every author I have read, including 
you, has stated that it is outdated and 
should not be used with Windows NT. 
Can you elaborate? 

A: IBM designed the original 8-bit ISA 
bus in 1983 for the PC/XT. IBM quickly 
realised the limitations of this architec¬ 
ture, and in 1986, the company released a 
16-bit ISA bus for the PC/AT (the AT 
bus) that literally doubled the amount 
of IRQs and direct memory address 
(DMA) channels. 

The AT bus is synchronised to an 
8.33MHz clock signal. At zero wait state, 
the bus requires two bus clock cycles to 
move data. Furthermore, because the 
architecture is 16 bits wide, the maximum 
amount of data you can transfer at any 
one time is 2 bytes. At best, the AT bus is 
capable of only 4 million transfers per 
second. More important, the bus has only 
24 address lines to memory, so the maxi¬ 
mum amount of memory you can address 
directly is 224 or 16MB. 

The AT bus was an improvement over 
its predecessor (the PC/XT ISA bus), but 
the industry was not satisfied with its 
throughput. In early 1987, Compaq 
introduced the Dual bus, a bus with an 
8.25MHz feed to the expansion cards 
and a 16MHz feed from the CPU to 
memory. In 1988, a consortium of nine 
computer companies, known as the Gang 
of Nine, introduced the specifications for 
an EISA bus with a 32-bit data path. 
IBM realised the deficiencies of the AT 
bus and tried to replace it with Micro 
Channel Architecture (MCA), which was 
superior to the AT bus and EISA bus. 
However, vendors weren’t willing to pay 


IBM’s high licensing fees, and the MCA 
bus has all but disappeared. Finally, in the 
early 1990s, we started to see the local 
Video Electronics Standards Association 
(VESA) bus and PCI bus, which 
improved the performance of graphics 
display cards. 

Despite its deficiencies, the AT bus 
rapidly gained popularity. Although 
CPUs reached 50MHz, manufacturers 
stuck with the AT bus. Consequently, 
vendors kept making ISA expansion 
cards, and a vicious cycle started that is 
still not abated. A prevalent attitude was 
that the AT bus was fast enough for most 
cards. This attitude is changing, and I 
think the AT bus would disappear if 
sound cards and modems (the only 
remaining AT bus legacy cards) were 
available for the PCI bus. 

In the best situation, the AT bus is far 
from optimal for NT systems. This reality 
is particularly evident with bus master 
cards (SCSI cards and NICs) that attempt 
to use more than 16MB of memory via 
DMA. All such transfers require buffer¬ 
ing from above 16 to below 16. Finding 
other types of ISA-based cards, such as 
graphics display cards, is virtually impos¬ 
sible. You can get some inexpensive 
NICs, most notably NE2000 clones, but 
most NICs for NT are PCI based and 
many are moving to 100Base-T. Because 
NT is a 32 bit operating system, why use 
a 16 bit motherboard? In fact, more and 
more motherboards, such as the new 
Supermicro Pentium Pro systems, are 
appearing that offer far more PCI slots 
than ISA slots. 

I am planning a network, and I 

recently read that Windows NT places 
restrictions on users who join a domain 
and then have an account made for them. 
Can users boot onto a domain and then 
establish an account? 

A: You can in fact ha 
domain to establish aci 
machines. The disadv 
approach is that the i 
administrative privileges 
to create the machine 
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domain administrator adds the machines 
to the domain before the users join the 
domain, the users won’t need administra¬ 
tive privileges to log on to the domain. 
This scenario is one case where you have 
to plan ahead and add the users before the 
event occurs. 

I have Windows NT installed on my D 

drive and I want to migrate it to my E 
drive. Is this switch possible? 


A: Excellent question. Is it possible? Yes, 
but only with painstaking line-by-line 
searching of the NT Registry. Lots of 
people have asked me this question. To be 
honest, I recommend that you reinstall NT 
on your E drive rather than attempting to 
migrate your current installation. My 
experience with migrating NT between 
drives has been far from stellar. It simply is 
not worth the trouble. □ 


Send us your tips and questions. 
You can also visit Bob Chronister's 
online Tricks & Traps at 
http://www.winntmag.com/ 
forums/index, html. 
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Tales from Tech Ed 97 


Ok, so you've been to Microsoft's Tech 
Ed 97 conference in Melbourne and 
think you've seen it all, huh? Well for 
those who were too hung over to 
remember what happened, or for those 
who simply couldn't make it down to 


between the lined 


During testing of backup 
technology, a major hard¬ 
ware vendor found that 
Windows NT was causing 
a data transfer bottleneck. 

The same backup under 
NetWare 4.11 produced a 
bottleneck on the PCI bus. 

I found that Microsoft has 
been reluctant to release 
infomation about the APIs 
that would assist with this 
type of operation. Instead 
of giving the software 
vendors information to 
help improve NT's internal support for backups relative to 
NetWare, Microsoft is developing a backup component for the 
BackOffice suite. I guess Microsoft just can't stand to see good 
folks at Cheyenne and Seagate snap up all those millions of 
brand new NT Server licenses. 




Melbourne this year, I thought I'd 
summarise the event's main features 
for you: 

A) Seeing a prominent IT executive 
(who shall go unnamed) yell out 'shake 
yer booty' in the Crown Casino at 
some poor unsuspecting casino gal 

B) Finding out from Microsoft's Mark 
Ryland that the number of Windows 95 
copies sold exceeded the number of 
people who heard the OJ Simpson trial 

C) That the concept behind Microsoft's 
upcoming Active Directory Services 
was inspired by William Gibson's 
Neuromancer 

D) That continous reinvention is 
Microsoft's buzzword for the moment, 
(oh really? Since 

when has having 
to solidly upgrade 
software been a 
new concept?) 
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After dissecting Service Pack 3 (SP3), an alert Trip tipster found that you 
can tune the virtual address map division between user mode and the operating 
system. With SP3, the undocumented /3gb command-line switch lets you change the 
division from 2GB for applications and 2GB for the kernel to 3GB for apps and 1GB 
for the kernel. Add this switch to the load line of your boot.ini, and-presto!-the 
change is made. Although this tip is undocumented, you can find a 
description of the feature at http://www.microsoft. 
com/ntserver /info/ntseetb.htm. 


^ Prediction of the Month^ ) 

Along with all the bells, whis¬ 
tles and shiny new products being 
wheeled out at Internetworld 
1997, an epic prediction a-la 
Nostradamus was also being 
touted. "Come October, Wordstar 
will come back from the grave as a 
Java applet...if the guys who wrote it 
are still around!"This is from the pulpit 
of Len Augustine, director of electronic 
commerce for Oracle, Australasia. 
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You can try and ignore it, but sooner or later everyone will suffer data loss. No matter if it’s a client 
list, a financial report, or a new business plan - if work or records get lost you can’t hide the fact you’re 
in real trouble. 

Now there’s a simple and affordable way to insure against disaster - with a Seagate Travan or DAT 
back-up and archiving system, your worries are over. Seagate offers the industry’s leading range of high- 
performance tape drives for PCs, workstations and servers working 
under Windows 95, Windows NT, Netware, Unix, OS/2 or Macintosh 
operating systems. Call your local dealer for more information or visit our website at www.seagate.com. 


<& Seagate 

Asia Pacific 


Seagate Authorized Distributors: 

AUSTRALIA • ACA PACIFIC PTY LTD Tel: 1800-671796/03-93880477 Fax: 03-93881124 • AGATE TECHNOLOGY PTY LTD Tel: 02-98784688 Fax: 02-98784655 • COSMOTEC 
AUSTRALIA PTY LTD Tel: 03-98888133 Fax: 03-98089293 • TECH PACIFIC AUSTRALIA PTY LID Tel: 02-9381 6201 











They don’t make coffee or tell jokes. But StorageTek’s automated cartridge systems 
will improve the quality of life around the office from Day One. Using high-performance 
robotics, our systems back up, retrieve, load and manage all your data. And save you 
a small fortune, too. They work in a wide range of distributed computing environments 
and deliver mainframe storage performance, without the mainframe price. 

1 For more information, just call 02 9438 4844, ext. 606. Or visit our Web site. 


www.storagetek.com/robo 






